Secure online transaction processing

US 8,725,644 B2
Filed: 01/28/2011
Issued: 05/13/2014
Est. Priority Date: 01/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securely processing an online transaction on a payment processor between a customer and a merchant, the method comprising:

receiving from a merchant system on the payment processor an authentication request including a transaction identifier associated with the online transaction;

generating a one-time use payment processor encryption key in response to the received authentication request, the one-time use payment processor encryption key corresponding to and associatively linked with the transaction identifier on the payment processor;

relaying the one-time use payment processor encryption key to a customer system through the merchant system;

receiving from the customer system over a direct secured communications link therewith bypassing the merchant system personal account data associated with the customer, the personal account data being encrypted on the customer system with the one-time use payment processor encryption key;

receiving a transaction processing request on the payment processor from the merchant system separately from the personal account data received from the customer system, the transaction processing request including the transaction identifier; and

generating a transaction processing response to the merchant system based upon an execution of the transaction processing request with the received personal account data associated with the transaction identifier.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various methods for securely processing an online transaction between a customer and a merchant are disclosed. In one method, an authentication credentials request that includes a transaction identifier is received from a merchant system. In response, an encryption key is transmitted to the merchant system. From a customer system, the personal account data associated with the customer is received, which is encrypted with the encryption key. A transaction processing request from the merchant system prompts the generating of a transaction processing response based upon its execution.

62 Citations

View as Search Results

18 Claims

1. A method for securely processing an online transaction on a payment processor between a customer and a merchant, the method comprising:
- receiving from a merchant system on the payment processor an authentication request including a transaction identifier associated with the online transaction;
  
  generating a one-time use payment processor encryption key in response to the received authentication request, the one-time use payment processor encryption key corresponding to and associatively linked with the transaction identifier on the payment processor;
  
  relaying the one-time use payment processor encryption key to a customer system through the merchant system;
  
  receiving from the customer system over a direct secured communications link therewith bypassing the merchant system personal account data associated with the customer, the personal account data being encrypted on the customer system with the one-time use payment processor encryption key;
  
  receiving a transaction processing request on the payment processor from the merchant system separately from the personal account data received from the customer system, the transaction processing request including the transaction identifier; and
  
  generating a transaction processing response to the merchant system based upon an execution of the transaction processing request with the received personal account data associated with the transaction identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - storing on the payment processor a private version of the one-time use payment processor encryption key relayed to the customer system;
      
      decrypting on the payment processor, in response to receiving the transaction processing request, the personal account data with the private version of the one-time use payment processor encryption key corresponding to the transaction identifier.
  - 3. The method of claim 2, wherein the transaction processing request includes a transaction sum, a debit in an amount thereof being requested from a financial account identified by the personal account data.
  - 4. The method of claim 2, wherein the transaction processing request includes a transaction authorization confirmation for a financial account identified by the personal account data.
  - 5. The method of claim 2, wherein the transaction processing request includes a transaction abandonment indicator.
  - 6. The method of claim 1, further comprising:
    - transmitting an identification token corresponding to the transaction identifier with the transmission of the one-time use payment processor encryption key to the merchant system; and
      
      receiving the identification token from the customer system together with the received personal account data.
  - 7. The method of claim 1, further comprising:
    - establishing a first secure data transfer link with the merchant system;
      
      wherein the one-time use payment processor encryption key and the transaction processing response transmitted to the merchant system and the authentication request and the transaction processing request received from the merchant system are transferred over the first secure data transfer link.
  - 8. The method of claim 1, further comprising:
    - initiating a session timer upon receiving the identification token and the personal account data from the customer system;
      
      wherein a transaction processing response representative of a time-out being generated upon expiration of the session timer without receiving the transaction processing request.

9. A method for securely processing an online transaction between a customer and a merchant, the method comprising:
- receiving from a customer system a transaction submission request for the online transaction including at least one purchase item identifier with a purchase price associated therewith;
  
  transmitting an authentication request to a payment processing system in response to the receipt of the transaction submission request, the authentication request including a transaction identifier associated with the specific received transaction submission request;
  
  receiving a one-time use payment processor encryption key from the payment processing system generated thereon in response to the received authentication request;
  
  transmitting a payment information form with the transaction identifier and the one-time use payment processor encryption key to the customer system, the payment information form being receptive to personal account data and transaction data;
  
  receiving the transaction data but not the personal account data entered into the payment information form on the customer system, the transaction data corresponding to the transaction identifier;
  
  transmitting to the payment processing system, in response to receiving the transaction data from the customer system, a transaction processing request including the transaction identifier; and
  
  generating a transaction processing response to the customer system based upon results for the transaction processing request to the payment processing system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the payment information form includes a script with executable instructions for initiating encryption of the personal account data entered into the payment information page with the received encryption key.
  - 11. The method of claim 9, wherein the transaction processing response is a success message, the results for the transaction processing request from the payment processing system indicating a success.
  - 12. The method of claim 9, further comprising:
    - updating the merchant system upon a successful completion of the online transaction.
  - 13. The method of claim 9, wherein the transaction processing response is a failure message, the results for the transaction processing request from the payment processing system indicating a failure.

14. A method for securely processing an online transaction between a customer and a merchant, the method comprising:
- transmitting to a merchant system a transaction submission request for the online transaction including at least one purchase item identifier with a purchase price associated therewith;
  
  receiving a payment information form including a one-time use payment processor encryption key generated by a payment processing system and relayed through the merchant system, and further corresponding to a transaction identifier for the online transaction;
  
  receiving personal account data and transaction data entered into the payment information form;
  
  encrypting the personal account data with the received encryption key;
  
  transmitting the encrypted personal account data to the payment processing system;
  
  transmitting the transaction data but not the encrypted personal account data to the merchant system.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein the payment information form includes a script with executable instructions for encrypting the personal account data entered into the payment information form with the received one-time use payment processor encryption key.
  - 16. The method of claim 14, further comprising:
    - receiving an identification token corresponding to the transaction identifier with along with the receiving of the one-time use payment processor encryption key from the merchant system; and
      
      transmitting the identification token from the customer system together with the transmitting of the personal account data.

17. An article of manufacture comprising a program storage medium readable by a data processing apparatus, the medium tangibly embodying one or more programs of instructions executable by the data processing apparatus to perform a method for securely processing an online financial transaction between a customer and a merchant, the method comprising:
- receiving from a customer system a transaction submission request for the online transaction including at least one purchase item identifier with a purchase price associated therewith;
  
  transmitting an authentication request to a payment processing system in response to the receipt of the transaction submission request, the authentication request including a transaction identifier associated with the specific received transaction submission request;
  
  receiving a one-time use payment processor encryption key from the payment processing system generated thereon in response to the received authentication request;
  
  transmitting a payment information form with the transaction identifier and the one-time use payment processor encryption key to the customer system, the payment information form being receptive to personal account data and transaction data;
  
  receiving the transaction data but not the personal account data entered into the payment information form on the customer system, the transaction data corresponding to the transaction identifier;
  
  transmitting to the payment processing system, in response to receiving the transaction data from the customer system, a transaction processing request including the transaction identifier; and
  
  generating a transaction processing response to the customer system based upon results for the transaction processing request to the payment processing system.
- View Dependent Claims (18)
- - 18. The article of manufacture of claim 17, wherein the payment information form includes a script with executable instructions for encrypting personal account data entered into the payment information form with the received one-time use payment processor encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Active Network Incorporated (Cvent Incorporated)
Original Assignee
The Active Network Incorporated (Cvent Incorporated)
Inventors
Schlesser, Joshua, Johnson, Douglas
Primary Examiner(s)
Augustin, Evens J

Application Number

US13/016,809
Publication Number

US 20120197807A1
Time in Patent Office

1,201 Days
Field of Search

705/35, 705/52, 705/60, 713/184
US Class Current

705/52
CPC Class Codes

G06Q 20/3829   involving key management

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

Secure online transaction processing

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure online transaction processing

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links