Classification: Data processing: financial, business practice, management, or co; Business processing using cryptography; Secure transaction
Type: Reexamination Certificate
Filed: 1998-12-29
Issued: 2001-12-04
Examiner: Trammell, James P. (Department: 2161)
US classes: C713S156000, C713S172000
Status: active
Patent number: 06327578
ABSTRACT:
FIELD OF THE INVENTION
The invention disclosed broadly relates to computer networks and more particularly relates to electronic commerce.
BACKGROUND OF THE INVENTION
Electronic commerce is projected to grow at a high rate and this will have a significant impact on the financial industry. Estimates for 1998 are 700 million dollars worth of total revenues. Future growth promises $1 trillion by 2010. No financial institution will be left unaffected by the rapid growth of electronic commerce. One obstacle that can inhibit this growth, however, is the lack of secure electronic payments. Consumers and merchants are wary of transmitting their payment information over open networks such as the Internet and this caution affects the interest of merchants and financial institutions.
The technology of electronic commerce has adopted a number of terms that need to be defined in order to discuss the prior art and the invention. A short glossary of such terms follows.
Acquirer—The financial institution (or an agent of the financial institution) that receives from the merchant the financial data relating to a transaction, authorizes the transaction, obtains the funds from the issuer, and pays those funds into a merchant financial account. The acquiring institution can act as its own merchant certificate authority (MCA) or can contract with a third party for the service.
Authentication—In computer security, the process used to verify the identity of a user or the user's eligibility to access an object; verification that a message has not been altered or corrupted; a process used to verify the user of an information system or protected resources.
Authorization—In payment card systems, the process used to verify that a credit or debit account is valid and holds sufficient credit or funds to cover a particular payment. Authorization is performed before goods or services are provided, in order to ensure that the cardholder credit can support payment.
Browser—A computer program that allows a user to read hypertext messages such as HTML pages on the World Wide Web.
Capture—In payment card systems, the process used by a merchant to claim payment from an issuing bank via an acquiring bank. Capture is performed after goods and services are provided. Optionally, capture may be combined with authorization in the case where goods or services are provided at the time of authorization.
Cardholder—A person who has a valid payment card account and uses software that supports electronic commerce. Also known as a shopper, online shopper, consumer, or buyer.
Certificate—A document issued by a trusted party that serves as physical evidence of the identity and privileges of the holder. Usually used as synonymous with an electronic certificate or digital certificate since an actual document is of little value in a world of electronic commerce.
Certificate authority (CA)—an organization that issues certificates. The CA responds to the actions of a Registration Authority (RA) and issues new certificates, manages existing certificates, renews existing certificates, and revokes certificates belonging to users who are no longer authorized to use them.
Certificate chain—a hierarchy of trusted digital certificates that can be “chained” or authenticated back to the “chain's” ultimate trust level—the top of the hierarchy called the “root certificate.”
Digital certificate—An electronic document digitally signed by a trusted party. The digital certificate binds a person's or entity's unique name to a public/private key pair.
Digital signature—Data that is appended to, or is a cryptographic transformation of, a data unit. Digital signature enables the recipient of the data unit to verify the source and integrity of the unit and to recognize potential forgery.
Digital wallet or Consumer wallet—Software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions. The consumer benefits because his or her payment information is handled securely and because some wallets will automatically input shipping information at the merchant's site and will give the consumer the option of paying by digital cash or check. Merchants benefit by receiving protection against fraud. The wallet is used to protect and store credit/debit information, protect the transmission of that information to only the people that are authorized to see it and to authenticate the cardholder.
Issuer—a financial institution that issues payment cards to individuals. An issuer can act as its own cardholder certificate authority (CCA) or can contract with a third party for the service.
Key pair—In computer security, a matched set of public and private keys. When used for encryption, the sender uses the public key half to encrypt the message, and the recipient uses the private key half to decrypt the message. When used for signing, the signer uses the private key half to sign a message, and the recipient uses the public key half to verify the signature.
Merchant server—a Web server that offers cataloged shopping services. The equivalent to a physical store.
Password—For computer or network security, a specific string of characters entered by a user and authenticated by the system in determining the user's privileges, if any, to access and manipulate the data and operations of the system.
Payment card—a credit card or debit card that is issued by a financial institution and shows a relationship between the cardholder and the financial institution.
Registration authority (RA)—An organization or person authorized or licensed to authenticate a certificate requester's identity and the services that the requester is then authorized to use. The RA approves requests so that certificates can be issued, renewed, updated, or revoked by a CA. The RA is usually a credit officer of an issuing or acquiring bank and approves the certificate requests for its members.
Secure Sockets Layer—A security protocol that allows the client to authenticate the server and all data and requests to be encrypted. SSL offers a very limited trust model and a secure link between client and server.
Thin wallet—generally the digital wallet program resides on the user's PC, but a “thin” wallet places some of the wallet function on a server, thereby reducing the program size on the user's PC and enabling an easier modification of the wallet's features.
Trusted Root—the base or top level certificate that provides the basis for the trusted hierarchy.
The prior art SET Secure Electronic Transaction™ (trademark and service mark owned by SET Secure Electronic Transaction LLC) protocol has been developed as a method to secure bankcard transactions over public networks. SET is an open standard, multi-party protocol for conducting secure bankcard payments over the Internet. SET provides message integrity, authentication of all financial data, and encryption of sensitive data.
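The three guarantees just listed (message integrity, authentication of the financial data, and encryption of sensitive data) map directly onto the glossary terms above: a digital signature made with the cardholder's private key, a certificate chain from the cardholder's certificate to a trusted root, and encryption of the card data under the acquirer gateway's public key so that the merchant, which only forwards the request, cannot read it. The Go program below is an added example written for this page; it is not code from the patent or from the SET specification, and it does not reproduce SET's actual message formats or certificate profile. The field layout of the request, the party names, the use of ECDSA P-256 certificates and RSA-OAEP, the helper names (must, issue, consumerRequest, gatewayProcess, RunFlow) and the sample order and test card number are all assumptions for illustration. The gateway is the only party that ever sees the card number, and it checks the certificate chain and the signature before it decrypts anything; the last two steps of RunFlow show a merchant that raises the amount and a self-signed cardholder certificate both being refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PaymentRequest is a constructed stand-in for the consumer payment request of FIG. 1.
type PaymentRequest struct {
	Order, Amount string // visible to the merchant, who must fulfil the order
	EncCard       []byte // card data sealed for the acquirer gateway only; the merchant cannot open it
	Signature     []byte // cardholder's signature over Order, Amount and EncCard
	CertDER       []byte // cardholder certificate chaining to the trusted root
}

// must panics on an error; acceptable in an example whose setup cannot sensibly recover.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// digest binds the protected fields together so none of them can be swapped in isolation.
func digest(order, amount string, encCard []byte) []byte {
	h := sha256.Sum256(append([]byte(order+"\x00"+amount+"\x00"), encCard...))
	return h[:]
}

// issue signs a certificate for pub with parentKey; parent == nil yields a self-signed certificate.
func issue(cn string, serial int64, ku x509.KeyUsage, parent *x509.Certificate, pub, parentKey any) ([]byte, *x509.Certificate) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: ku}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))
	return der, must(x509.ParseCertificate(der))
}

// Step 1 (path 120): the consumer seals the card data to the gateway's public key, then signs.
func consumerRequest(key *ecdsa.PrivateKey, certDER []byte, gwPub *rsa.PublicKey, order, amount, card string) *PaymentRequest {
	enc := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, gwPub, []byte(card), nil))
	sig := must(ecdsa.SignASN1(rand.Reader, key, digest(order, amount, enc)))
	return &PaymentRequest{Order: order, Amount: amount, EncCard: enc, Signature: sig, CertDER: certDER}
}

// Step 3 (gateway 106): chain the certificate to the trusted root, verify the signature, then decrypt the card data.
func gatewayProcess(req *PaymentRequest, roots *x509.CertPool, gwKey *rsa.PrivateKey) (string, error) {
	cert, err := x509.ParseCertificate(req.CertDER)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	if err != nil {
		return "", fmt.Errorf("cardholder certificate rejected: %w", err)
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest(req.Order, req.Amount, req.EncCard), req.Signature) {
		return "", fmt.Errorf("signature mismatch: request altered after the cardholder signed it")
	}
	card, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, gwKey, req.EncCard, nil)
	return string(card), err
}

// RunFlow builds a constructed cardholder CA and gateway, runs the honest flow (constructed order, well-known test
// card number), then tries a tampered amount and an unchained certificate. Step 2 is just the merchant forwarding req.
func RunFlow() (card string, tamperRejected, untrustedRejected bool, err error) {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	_, rootCert := issue("Cardholder CA root (constructed)", 1, x509.KeyUsageCertSign, nil, &rootKey.PublicKey, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(rootCert)
	holderKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	holderDER, _ := issue("cardholder", 2, x509.KeyUsageDigitalSignature, rootCert, &holderKey.PublicKey, rootKey)
	gwKey := must(rsa.GenerateKey(rand.Reader, 2048))
	req := consumerRequest(holderKey, holderDER, &gwKey.PublicKey, "order 7781: 1 widget", "19.99 USD", "4111111111111111 exp 12/29")
	if card, err = gatewayProcess(req, roots, gwKey); err != nil {
		return
	}
	// Integrity: a merchant that raises the amount invalidates the cardholder's signature.
	tampered := *req
	tampered.Amount = "199.99 USD"
	_, tErr := gatewayProcess(&tampered, roots, gwKey)
	// Authentication: a self-signed cardholder certificate, however well formed, does not chain to the root.
	selfDER, _ := issue("impostor (self-signed)", 3, x509.KeyUsageDigitalSignature, nil, &holderKey.PublicKey, holderKey)
	_, uErr := gatewayProcess(consumerRequest(holderKey, selfDER, &gwKey.PublicKey, req.Order, req.Amount, "card"), roots, gwKey)
	return card, tErr != nil, uErr != nil, nil
}

func main() {
	fmt.Println(RunFlow())
}
```

Running it prints the card string as decrypted by the gateway followed by `true true <nil>`. The order of checks in gatewayProcess is deliberate: the chain to the trusted root is verified before the signature, and the signature before decryption, so the gateway never operates on ciphertext from a party it has not authenticated, and a forwarded request in which the merchant changed any signed field fails before any card data is exposed.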
SET is a 3-party protocol involving a cardholding consumer, a merchant, and a payment gateway operating on behalf of the acquiring bank, as shown in FIG. 1. When a consumer is ready to buy something from a merchant on the internet using a credit or debit card, the consumer's computer 102 sends a consumer payment request over internet path 120 to the merchant's computer 104, in a first step. The merchant's computer 104 forwards the consumer's payment request over internet path 122 during a second step to an acquirer gateway 106 operating on behalf of the acquirer bank 108. The acquirer gateway 106 passes the consumer's payment request to the acquirer bank 108 over a private network path 122′. The acquirer bank 108 sends the consumer's payment request to the card issuing bank 112 over the private network path 124 to check whether the consumer's credit or debit card account is active and sufficient for the proposed transaction with the merchant. The issuing bank 112, as the car
Title: Four-party credit/debit payment protocol
Inventor: Elisca, Pierre E.
Assignee: International Business Machines Corporation
Attorney, agent or firm: Morgan & Finnegan, LLP; Redmond, Jr., Joseph C.; Shofi, David M.