Methods and apparatus for conducting electronic transactions
Abstract
A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.
20 Claims
1. A method comprising:
- sending, by a user device and to a first server, a logon request, the logon request being forwarded to a second server;
- receiving, by the user device from the first server, a first challenge generated by the second server in response to the forwarded logon request;
- sending, by the user device to the first server, a challenge response, the challenge response generated in response to receiving the first challenge and a second challenge generated for an intelligent token, wherein the challenge response is based on both the first and second challenges, and wherein the challenge response is sent by the first server to the second server, the intelligent token being verified by the second server;
- receiving, by the user device from the first server, at least a portion of credentials assembled by the second server in response to the verification of the intelligent token by the second server and being sent by the second server to the first server, the verification being based on the challenge response, the portion of the credentials comprising a key and the credentials associated with the user device;
- sending, by the user device to the first server, an authentication request for validation and authorization of a transaction, the authentication request being forwarded from the first server to the second server; and
- receiving, by the user device from the first server, an approval message having been sent by the second server to the first server, the approval message indicative of the validation and authorization of the transaction, the validation and authorization performed by the second server in response to receiving the authentication request from the first server, wherein in response to the approval message, the user device is allowed to proceed with the transaction.
19. An article of manufacture including a non-transitory computer readable medium having instructions stored thereon that, in response to execution by a user device, cause the user device to perform operations comprising:
- sending, by the user device and to a wallet server, a logon request, the wallet server forwarding the logon request to a security server;
- receiving, by the user device from the wallet server, a first challenge generated by the security server in response to the logon request;
- sending, by the user device to the wallet server, a challenge response, the challenge response generated in response to receiving the first challenge and a second challenge generated for an intelligent token, wherein the challenge response is based on both the first and second challenges, and wherein the challenge response is sent by the wallet server to the security server, the intelligent token being verified by the security server;
- receiving, by the user device from the wallet server, at least a portion of credentials assembled by the security server in response to the verification of the intelligent token by the security server and being sent by the security server to the wallet server, the verification being based on the challenge response, the portion of the credentials comprising a key and the credentials associated with the user device;
- sending, by the user device to the wallet server, an authentication request for validation and authorization of a transaction, the authentication request being forwarded from the wallet server to the security server; and
- receiving, by the user device from the wallet server, an approval message having been sent by the security server to the wallet server, the approval message indicative of the validation and authorization of the transaction, the validation and authorization performed by the security server in response to receiving the authentication request from the wallet server, wherein in response to the approval message, the user device is allowed to proceed with the transaction.
20. A user device comprising:
- a non-transitory memory communicatively coupled to a processor, the memory having instructions stored thereon that, in response to execution by the processor, cause at least;
- sending, to a wallet server, a logon request;
- receiving a first challenge generated by a security server in response to receiving the logon request from the wallet server;
- sending a challenge response to the wallet server, the challenge response generated in response to receiving the first challenge and a second challenge generated for an intelligent token, wherein the challenge response is based on both the first and second challenges, and wherein the challenge response is sent by the wallet server to the security server, the intelligent token being verified by the security server;
- receiving at least a portion of credentials assembled by the security server in response to the verification of the intelligent token by the security server and being sent by the security server to the wallet server, the verification being based on the challenge response, the portion of the credentials comprising a key and the credentials associated with the user device;
- sending an authentication request to the wallet server for validation and authorization of a transaction, the authentication request being forwarded from the wallet server to the security server; and
- receiving from the wallet server an approval message having been sent by the security server to the wallet server, the approval message indicative of the validation and authorization of the transaction, the validation and authorization performed by the security server in response to receiving the authentication request from the wallet server to the security server, wherein in response to the approval message, the user device is allowed to proceed with the transaction.
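The logon steps recited in claims 1, 19 and 20, sketched as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 over a shared per-token secret stands in for the token's computation (the claims only require that the response be based on both challenges), the device side generates the second challenge, and every class, function and sample value here is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: token and security server share a per-token secret and the
# response is an HMAC; the claims only say it is "based on both" challenges.
TOKEN_SECRETS = {"token-001": b"constructed-demo-secret"}  # constructed sample


def token_response(secret, first, second):
    # Length-prefix each challenge so the pair is encoded unambiguously.
    msg = b"".join(len(c).to_bytes(2, "big") + c for c in (first, second))
    return hmac.new(secret, msg, hashlib.sha256).digest()


class SecurityServer:  # the "second server": issues challenge 1, verifies the token
    def __init__(self):
        self.pending = {}  # token_id -> outstanding first challenge

    def logon(self, token_id):
        self.pending[token_id] = secrets.token_bytes(16)
        return self.pending[token_id]

    def verify(self, token_id, second, response):
        first = self.pending.pop(token_id, None)  # one-shot: a replay finds nothing
        secret = TOKEN_SECRETS.get(token_id)
        if first is None or secret is None:
            return None  # unknown token or no outstanding challenge
        expected = token_response(secret, first, second)
        ok = hmac.compare_digest(expected, response)
        return {"key": secrets.token_bytes(16)} if ok else None  # portion of credentials


class WalletServer:  # the "first server": relays, never sees the token secret
    def __init__(self, security):
        self.security = security

    def logon(self, token_id):
        return self.security.logon(token_id)

    def respond(self, token_id, second, response):
        return self.security.verify(token_id, second, response)


def device_logon(wallet, token_id, secret):
    first = wallet.logon(token_id)
    second = secrets.token_bytes(16)  # assumption: generated on the device side
    response = token_response(secret, first, second)
    return second, response, wallet.respond(token_id, second, response)
```

Because the security server consumes its first challenge on every verification attempt, a response captured at the wallet server cannot be replayed, either immediately or against a later logon.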
Specification