Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-12-23
2004-03-02
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S001100, C705S026640, C705S039000, C705S050000, C705S064000, C705S067000
Reexamination Certificate
active
06701303
ABSTRACT:
BACKGROUND OF INVENTION
(1) Field of Invention
This invention relates to E-commerce systems and method of operation. More particularly, the invention relates to an E-commerce system and method of operation enabling a user to conduct transactions with multiple retailers without certification and/or trusted electronic paths.
(2) Background Discussion
In today's environment, Internet Purchasing is one of the activities under the umbrella term of “E-commerce.” The purchase follows the model of a catalog sale where the end user connects to a supplier, views a catalog, identifies an item and offers a payment method to complete the purchase. Payment methods include open accounts and credit card payments. The latter requires a credit card number and personal information furnished to the retailer. To secure this information, the transaction is typically encrypted using well known Internet standards such as Secure Socket Layer (SSL) and/or Secure Hypertext Transfer Protocol (SHTTP). These methods secure the data link between the end user and retailer. Another part of security involves authentication to ensure the transaction parties are the parties they are supposed to be. To accomplish authentication, users and retailers register with a third party authority which issues digital certificates. The certificates are guaranteed by the third party to identify the party they are supposed to be. Thus, in a catalog sale a retailer presents a certificate that authenticates the retailer and the user presents a certificate that authenticates the user, and the sale can proceed to the satisfaction of the parties. However, since each of the transaction parties must process the digital certificates as well as run an encryption application for the data link, a significant amount of processor resources are dedicated to handling the transaction. Moreover, a significant percentage of a bandwidth link is dedicated to encryption overhead rather than payload data. The problem is compounded for an E-commerce server which is required to conduct many concurrent sessions and data stream with end users. What is needed in the art is an E-commerce system and method of operation for minimizing (a) user software requirement and bandwidth utilization for E-commerce activities; (b) digital certification; (c) trusted electronic paths, and (d) any similar activities where the end user has multiple exchanges with host systems where the parties may or may not be the party claimed to be.
SUMMARY OF THE INVENTION
An object of the invention is an improved Ecommerce system and method of operation which minimizes digital certificates and trusted electronic paths in conducting electronic transactions.
Another object is an improved E-commerce system and method of operation which minimizes bandwidth requirements from a security standpoint in conducting electronic transactions.
Another object is an improved E-commerce system and method of operation which minimizes trusted electronic paths in conducting electronic transactions.
Another object is an electronic and improved E-commerce system and method of operation which eliminates digital certificates for users conducting electronic transactions.
These and other objects, features and advantages are achieved in an E-commerce system and method of operation which enables an end user to conduct electronic transactions with a retailer without certification and/or trusted paths. A distributed information network connects the end user to multiple retailers and to a unified banking source. The user establishes an account with bank for receiving and recording electronic transactions entered into by the user with retailers. In one embodiment, both the bank and the retailer obtain digital certificates from a third party who guarantees that the bank or retailer parties claimed to be in their respective certificates. The user does not obtain a digital certificate for conducting transactions with the retailer or the bank. In operation, the end user accesses the retailer site on the network for the purchase of goods or services after establishing a session. At the end of the session, the user indicates a payment preference, preferably by “check”. The “check” includes the end user's name, account number and bank that will eventually cash the “check”. The “check” is a data message and not a regular banking check. The retailer exchanges digital certificates with the bank and posts a request for payment message supplying the “check” containing the end user name; account number and amount of the cost of goods or services. The bank accepts the message as a “pending transaction” but the user's account is not debited. Later on, the end user accesses the bank using a secure path and without a digital certificate. The end user is presented with a list of pending payment requests representing purchase authorizations originated by the user and provided to the retailer. The end user approves or disapproves each payment request based on the recognition of a specific transaction (item, retailer and amount, etc.). Accordingly, no purchase authorization occurs by anyone except the user and then based on specific knowledge. After user approval, the bank makes payment to the retailer based on the retailer's digital certificate. In another embodiment, the end user establishes a unified banking source and obtains a unified banker ID (UBID). Several options are available to the end user in dealing with a retailer, none of which require a digital certificate or trusted path except between the end user and the bank at the option of the bank. In one option, a user visits or sends a message to a retailer indicating an intent to purchase goods or services and providing UBID information. The retailer transmits the purchased information and UBID information to the retailer bank. The retailer bank sends a message to the unified banker representing a request to pay for the goods or service purchased by the user. The unified bank collects payment requests from multiple retailers and waits for the user to review the list of purchases for payments. After payment authorization by the user, the unified bank notifies the retailer's bank and includes a payment for the approved purchases. The payment to the retailer bank can be made electronically and the retailer can be informed of an approved purchase. Alternatively, the payment can be made to the retailer through conventional payments not employing any electronic transfer. In still another embodiment, transactions between the user and retailer can be with immediate authorization of payment) Again, the user sends a message to the retailer indicating an intent to purchase goods or services and carrying UBID information. The retailer sends a message to bank with the purchase information and UBID information. The unified bank prompts the user with an immediate requests for authorization. The user sends a message to the unified bank through a secure path which is established at the start of a shopping session between the user and the unified bank either by explicit user command or triggered by a software program involved in a communication. The user unified bank communication can also be established via a trigger associated with the message from the unified bank. After receiving payment authorization, the unified bank initiates a message to the retailer bank or to the retailer with payment.
REFERENCES:
patent: 5534857 (1996-07-01), Laing et al.
patent: 5677955 (1997-10-01), Doggett et al.
patent: 5710889 (1998-01-01), Clark et al.
patent: 5715314 (1998-02-01), Payne et al.
patent: 5737619 (1998-04-01), Judson
patent: 5889862 (1999-03-01), Ohta et al.
patent: 5974146 (1999-10-01), Randle et al.
patent: 6230148 (2001-05-01), Pare, Jr. et al.
patent: 07319982 (1995-12-01), None
Smart Card Quarterly: EFT Report, Mar. 11, 1998, v21, n5.*
http://www1.fatbrain.com/asp/bookinfo—Digital Certificates: Applied Internet Security by Feghhi et al.
http://www.starnine.com/webstar/authorities.html—Starnine “SSL Certifying Authorities”.
Dunn James M.
Stern Edith H.
Willner Barry E.
Hewitt Calvin L
International Business Machines Corp.
Morgan & Finnegan , LLP
Redmond, Jr. Joseph C.
Trammell James P.
LandOfFree
E-commerce system and method of operation enabling a user to... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with E-commerce system and method of operation enabling a user to..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and E-commerce system and method of operation enabling a user to... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3288775