Token-based payment processing system

US 8,584,251 B2
Filed: 04/07/2010
Issued: 11/12/2013
Est. Priority Date: 04/07/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:

(a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user;

(b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);

(c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and

(d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data-processing system, such as a payment processing system, including a tokenizer, such as a card encryption and storage system (CES) employing a tokenization feature. In one embodiment, the present invention provides a first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer. The method includes the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

Citations

23 Claims

1. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
- (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user;
  
  (b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
  
  (c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
  
  (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The invention of claim 1, wherein the first computer comprises:
    - a first software program adapted to interface with the second computer; and
      
      a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.
  - 3. The invention of claim 2, wherein:
    - step (a) comprises;
      
      (a1) the first software program receiving the information for performing the transaction, except for the confidential information; and
      
      (a2) the second software program receiving the confidential information manually entered by the user;
      
      step (b) comprises the second software program sending the confidential information to the third computer;
      
      step (c) comprises the second software program receiving the token from the third computer; and
      
      step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 4. The invention of claim 3, further comprising the second software program buffering the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.
  - 5. The invention of claim 4, wherein the buffer is an operating-system clipboard of the first computer.
  - 6. The invention of claim 3, wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.
  - 7. The invention of claim 2, wherein:
    - step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information;
      
      step (b) comprises;
      
      (b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and
      
      (b2) the second software program sending the confidential information to the third computer;
      
      step (c) comprises;
      
      (c1) the second software program receiving the token from the third computer; and
      
      (c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and
      
      step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 8. The invention of claim 1, wherein the first computer comprises:
    - a software program adapted to interface with the second computer; and
      
      a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.
  - 9. The invention of claim 8, wherein:
    - step (a) comprises the software program receiving the information for performing the transaction, including the confidential information;
      
      step (b) comprises;
      
      (b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and
      
      (b2) the packet inspector sending the confidential information to the third computer;
      
      step (c) comprises;
      
      (c1) the packet inspector receiving the token from the third computer; and
      
      (c2) the packet inspector modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
      
      step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 10. The invention of claim 9, wherein the packet inspector is a dedicated hardware appliance having a processor different from a processor executing the software program.

11. A first computer for preventing the transmission of confidential information to a second computer in communication with the first computer, the first computer adapted to:
- (a) receive information for performing a transaction, the information including confidential information manually entered by a user;
  
  (b) send the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
  
  (c) receive, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
  
  (d) send to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The invention of claim 11, wherein the first computer comprises:
    - a first software program adapted to interface with the second computer; and
      
      a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.
  - 13. The invention of claim 12, wherein:
    - step (a) comprises;
      
      (a1) the first software program receiving the information for performing the transaction, except for the confidential information; and
      
      (a2) the second software program receiving the confidential information manually entered by the user;
      
      step (b) comprises the second software program sending the confidential information to the third computer;
      
      step (c) comprises the second software program receiving the token from the third computer; and
      
      step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 14. The invention of claim 13, wherein the second software program is adapted to store the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.
  - 15. The invention of claim 14, wherein the buffer is an operating-system clipboard of the first computer.
  - 16. The invention of claim 13, wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.
  - 17. The invention of claim 12, wherein:
    - step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information;
      
      step (b) comprises;
      
      (b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and
      
      (b2) the second software program sending the confidential information to the third computer;
      
      step (c) comprises;
      
      (c1) the second software program receiving the token from the third computer; and
      
      (c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and
      
      step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 18. The invention of claim 11, wherein the first computer comprises:
    - a software program adapted to interface with the second computer; and
      
      a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.
  - 19. The invention of claim 18, wherein:
    - step (a) comprises the software program receiving the information for performing the transaction, including the confidential information;
      
      step (b) comprises;
      
      (b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and
      
      (b2) the packet inspector sending the confidential information to the third computer;
      
      step (c) comprises;
      
      (c1) the packet inspector receiving the token from the third computer; and
      
      (c2) the packet inspector modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
      
      step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.
  - 20. The invention of claim 18, wherein the packet inspector is a dedicated hardware appliance having a processor different from a processor executing the software program.

21. A non-transitory machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method for preventing the transmission of confidential information from a first computer and a second computer in communication with the first computer, the method comprising the steps of:
- (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user;
  
  (b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
  
  (c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
  
  (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

22. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
- (a) the first computer inspecting an entry field of a window of a software program to determine whether the entry field includes confidential information;
  
  (b) if the entry field includes confidential information, then(b1) the first computer sending the confidential information to a third computer, wherein substep (b1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and(b2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (b2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and
  
  (c) the first computer replacing the confidential information in the entry field of the window of the software program with the token, wherein step (c) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

23. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of:
- (a) the first computer receiving one or more packets of data from the first computer;
  
  (b) the first computer inspecting the one or more packets of data to determine whether the one or more packets of data include confidential information;
  
  (c) if the one or more packets of data include confidential information, then(c1) the first computer sending the confidential information to a third computer, wherein substep (c1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and(c2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (c2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS);
  
  (d) the first computer modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and
  
  (e) the first computer forwarding the one or more modified packets of data to the second computer, wherein step (e) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Princeton Payment Solutions LLC Wholly-Owned Subsidiary of Financial Transaction Services LLC
Original Assignee
Princeton Payment Solutions
Inventors
McGuire, Kevin M., Taggart, Rush
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
SONG, HEE K

Application Number

US12/755,459
Publication Number

US 20100257612A1
Time in Patent Office

1,315 Days
Field of Search

713/183, 713/184, 726/2, 726/9, 726/20, 726/26, 705 64- 67, 235/380
US Class Current

726/26
CPC Class Codes

G06Q 20/383 Anonymous user system

Token-based payment processing system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Token-based payment processing system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links