Secure storage of payment information on client devices
First Claim
1. A computer-implemented method for secure storage of payment instrument verification information on a client device, comprising:
- receiving, by a computer from a client device, a first request to register a payment instrument, the first request comprising at least a payment instrument account number and a verification code corresponding to the payment instrument account number and a user identifier associated with an electronic account record stored on a payment instrument server;
storing, by the computer, the payment instrument account number with the electronic account record associated with the user identifier received in the first request;
encrypting, by the computer, the verification code to generate an encrypted verification code using one or more encryption keys;
communicating, by the computer to the client device, the encrypted verification code and executable instructions, the executable instructions when executed by a processor on the client device directing storage of the encrypted verification code in a local storage data structure on the client device;
deleting, by the computer, the verification code and the encrypted verification code from the computer after communication of the encrypted verification code to the client device;
receiving, by the computer, a second request for payment information from a merchant server, the second request comprising at least the user identifier; and
retrieving, by the computer, the encrypted verification code from storage in the local data structure on the client device associated with the user identifier in response to receiving the second request from the merchant server.
2 Assignments
0 Petitions
Accused Products
Abstract
An online electronic wallet system and method provide secure storage and transmission of payment instrument information for use in completing online purchases initiated from a client device. A payment instrument'"'"'s verification code is stored in an encrypted form in local storage on a client device and retrieved and re-encrypted along with other payment instrument information stored on the system using a merchant-specific key. An API library is used to integrate the online electronic wallet system with a registered merchant'"'"'s purchase flow, including the ability to ensure receipt of an electronic receipt prior to communicating payment instrument information to a merchant server.
-
Citations
22 Claims
-
1. A computer-implemented method for secure storage of payment instrument verification information on a client device, comprising:
-
receiving, by a computer from a client device, a first request to register a payment instrument, the first request comprising at least a payment instrument account number and a verification code corresponding to the payment instrument account number and a user identifier associated with an electronic account record stored on a payment instrument server; storing, by the computer, the payment instrument account number with the electronic account record associated with the user identifier received in the first request; encrypting, by the computer, the verification code to generate an encrypted verification code using one or more encryption keys; communicating, by the computer to the client device, the encrypted verification code and executable instructions, the executable instructions when executed by a processor on the client device directing storage of the encrypted verification code in a local storage data structure on the client device; deleting, by the computer, the verification code and the encrypted verification code from the computer after communication of the encrypted verification code to the client device; receiving, by the computer, a second request for payment information from a merchant server, the second request comprising at least the user identifier; and retrieving, by the computer, the encrypted verification code from storage in the local data structure on the client device associated with the user identifier in response to receiving the second request from the merchant server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 22)
-
-
8. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program code embodied therein that when executed by a computer processor cause the computer processor to; receive, from a client device, a first request to register a payment instrument, the first request comprising at least a payment instrument account number, a verification code, and a user identifier associated with an electronic account record stored on a payment instrument server; store the payment instrument account number with the electronic account record associated with the user identifier received in the first request; encrypt the verification code with a private encryption key to generate an encrypted verification code; communicate, to the client device, the encrypted verification code and executable instructions, the executable instructions when executed by a processor on the client device directing storage of the encrypted verification code in a local storage data structure on the client device; delete the verification code and the encrypted verification code from the computer'"'"'s memory after communication to the client device; receive a second request for payment information from a merchant server, the second request comprising at least the user identifier; and retrieve the encrypted verification code from storage in the local data structure on the client device associated with the user identifier in response to receiving the second request from the merchant server. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A system for the secure storage of payment instrument verification information on a client device, the system comprising:
-
a storage device; a network device; and a processor communicatively coupled to the storage and the network device, the processor executing application code instructions that are stored in the storage device and that cause the system to; receive a first request to register a payment instrument from a client device, the first request comprising at least a payment instrument account number, a verification code corresponding to the payment instrument account number, and a user identifier, the user identifier being associated with an online electronic account record stored in the storage device; store the payment instrument account number in the online electronic account record stored in the storage device and identified by the user identifier; encrypt the verification code using one or more encryption keys to generate an encrypted verification code; communicate the encrypted verification code and executable instructions to the client device, the executable instructions when executed by a processor on the client device storing the encrypted verification code in a local storage data structure on the client device; delete the verification code and the encrypted verification code from the system after communicating the encrypted verification code to the client device; receive a second request for payment information from a merchant server, the second request comprising at least the user identifier; and retrieve the encrypted verification code from storage in the local data structure on the client device associated with the user identifier in response to receiving the second request from the merchant server. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification