Reexamination Certificate
1999-08-12
2004-01-06
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S064000, C705S067000, C705S075000, C705S076000, C713S156000, C713S150000, C713S155000
Reexamination Certificate
active
06675153
ABSTRACT:
The present invention relates generally to electronic commerce and more particularly to a method and apparatus for electronic transaction authorization over a network.
BACKGROUND
One problem regarding Internet e-commerce is that purchasers are generally required to provide personal and confidential information, such as charge card information and charge card billing data to an Internet merchant when purchasing goods or services from that merchant. The merchant, in turn, uses this information to obtain a transaction approval from a charge card authorization processor. The transmission of data from a purchaser's computer or terminal to the merchant Web site is generally protected by encryption.
However, once under the control of a merchant Web site, this personal data can be sold, rented, or otherwise used for commercial gain. Further, the storage and handling of this sensitive data by computer personnel at the merchant site may lead to unauthorized distribution of the data. Internet merchant sites are targets for hackers who may be able to obtain access to this data. In certain instances, accidental release of the data has been made by errors in the software programs that operate a given Web site. A purchaser who has had personal or charge card information compromised may then be the victim of unauthorized use of their charge cards or, in more severe cases, complete theft of their identity.
Another problem is the fraudulent use of charge cards. Since it is difficult to determine the identity of a remote purchaser, particularly as it relates to ownership of a given charge card, fraudulent charge card use has become popular on the Internet.
An additional problem is the use of E-mail addresses or real billing addresses obtained by a merchant during a purchase transaction. The merchant may continue to send unwanted solicitations to the purchaser long after a transaction is completed. In some cases, the abuse of the E-mail address may include sending the E-mail address to other parties, who may also send unwanted solicitations or “spam” to the purchaser.
SUMMARY OF THE INVENTION
A distributed real-time software application (referred to herein as “ZixCharge”) is provided that allows consumers to authorize transactions in a secure, private, and convenient manner for the purchase of goods and services over the Internet. The major architectural features of the ZixCharge system include a central repository of consumer data, a charge slip user interface, a ZixCharge Web site application interface (hereinafter, ZAPI), a centralized approval service, a worldwide signature server and an Internet shopping mall (referred to herein as “ZixMall”).
The ZixCharge system provides a central repository of consumer charge card information. Each charge card is linked to a specific E-mail address and digital signature. This information is normally provided by card issuing financial institutions and others, but can be entered under certain circumstances directly by consumers. The data is provided by a reputable source (either a card issuer or an individual each of which can be authenticated) that can irrefutably link a consumer's identity with their charge card information. The central repository is used to obtain a charge authorization without providing any personal information to the merchant.
The ZixCharge system provides a charge slip interface that allows a consumer to digitally sign for a purchase—just as the consumer would do in a retail store. The charge slip can be initiated by the merchant site, and can include the merchant logo, detailed purchase information, merchant advertising, and other information. The charge slip interface can be used by a consumer to select the payment type (if appropriate), shipping address options, and a method for merchant communications regarding the purchase. Once digitally signed, the charge slip information, including a certified time-stamp, is returned to the merchant Web site, but it cannot be opened or read there. It is fully encrypted so that only the ZixCharge central repository can read it.
The ZixCharge system includes a merchant to consumer interface, ZAPI, that resides on the merchant Web site. ZAPI provides all communication services between the merchant and the consumer during the charge slip portion of an authorization, and between the merchant and the central repository. ZAPI can be configured to offer a consumer who has failed an authorization, due to credit limits or other causes, the opportunity to select a different payment type in order to complete the transaction. After a transaction is approved, ZAPI provides the merchant with approval and shipping information. The merchant system can complete the transaction and fulfillment just as if the approval had been obtained directly by the merchant. ZAPI also ensures the transaction's validity. ZAPI combines three items: a certified time-stamp, the “hash” of the charge slip information, and the returned encrypted charge slip from the consumer. ZAPI digitally signs the combination with the merchant's digital signature before sending the transaction to the central repository.
The ZixCharge system provides charge approval services at the central repository. All incoming charge slips are decrypted, validated by the previously mentioned “hash,” and authenticated by verifying the digital signatures of both the merchant and the consumer. The central repository formats an authorization message containing the required information to obtain a charge card authorization on behalf of both the consumer and the merchant and then forwards the message to a charge card processor, normally over dedicated communication lines. Upon receiving approval, or not, for the authorization, the central repository sends the authorization information back to ZAPI at the merchant Web site. If a successful authorization has been obtained, the returned information will include any consumer authorized shipping information. E-mail communications carrying any transaction-specific information are normally sent to the central repository and then forwarded to the consumer. This process allows the consumer to keep their respective E-mail address private. The merchant is also given a ZixCharge member ID. This enables the merchant to aggregate transactions for marketing purposes and to communicate with the consumer through the ID, but still protects the consumer's actual identity. The consumer can optionally block the forwarding of messages sent to the member ID.
The ZixCharge system utilizes a worldwide signature server (central key server). The central key server, which can be distributed, allows the ZixCharge system to instantly authenticate both the merchant and the consumer in a transaction. The central key server further ensures that a given digital signature has not been revoked, suspended, changed or deleted. The central signature server also responds to requests for and issues certified time-stamps. The time-stamp certificate can be self-authenticated (authenticated by at least one signature whose public key is known) and is impossible to tamper with or change. This provides further authentication and validation.
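The ZAPI envelope and the central repository's checks described above, sketched as an added example (not code from the patent or from Zix): it shows how the slip hash, the two signatures and the certified time-stamp bind together so that a slip altered or re-used by the merchant is rejected. Assumptions: HMAC-SHA256 under constructed per-party keys stands in for digital signatures, encryption of the slip to the repository is omitted, and all field and function names are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC-SHA256 stands in for each party's digital
# signature; the system described uses signatures checked via the key server.
KEYS = {p: f"{p}-demo-key".encode() for p in ("consumer", "merchant", "timeserver")}

def canon(obj):
    # Canonical JSON so every party hashes and signs identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(party, obj):
    return hmac.new(KEYS[party], canon(obj), hashlib.sha256).hexdigest()

def verify(party, obj, sig):
    return hmac.compare_digest(sign(party, obj), sig)

def slip_hash(slip):
    return hashlib.sha256(canon(slip)).hexdigest()

def certified_stamp(time):
    return {"time": time, "sig": sign("timeserver", time)}

def consumer_sign(slip, stamp):
    # Consumer signs the charge slip together with the certified time-stamp.
    # Encryption to the repository is omitted; the merchant treats it as opaque.
    body = {"slip": slip, "stamp": stamp}
    return {"body": body, "sig": sign("consumer", body)}

def merchant_wrap(slip_shown, stamp, sealed):
    # ZAPI step: time-stamp + hash of the slip information + returned slip,
    # signed as one unit with the merchant's key.
    env = {"stamp": stamp, "slip_hash": slip_hash(slip_shown), "sealed": sealed}
    return {"env": env, "sig": sign("merchant", env)}

def repository_check(msg):
    # Returns "ok" or the first failed check; any mismatch rejects the slip.
    env, body = msg["env"], msg["env"]["sealed"]["body"]
    if slip_hash(body["slip"]) != env["slip_hash"]:
        return "slip hash mismatch"
    if not verify("merchant", env, msg["sig"]):
        return "bad merchant signature"
    if not verify("consumer", body, env["sealed"]["sig"]):
        return "bad consumer signature"
    stamp = env["stamp"]
    if body["stamp"] != stamp or not verify("timeserver", stamp["time"], stamp["sig"]):
        return "bad time-stamp"
    return "ok"
```

Because the consumer's signature covers both the slip and the time-stamp, the repository can detect a changed amount and a slip re-submitted under a fresh time-stamp as separate failures.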
The ZixCharge system can include an optional Internet shopping portal (referred to hereafter as the “ZixMall”). Merchants who accept payment, or allow other types of transaction authorizations, using the ZixCharge system, may be listed in the ZixMall. When consumers shop through the ZixMall, they are assured that the merchant respects their privacy and is willing to sell merchandise or services to them without collecting unnecessary personal information.
Aspects of the invention can include one or more of the following advantages. A distributed real-time software application (referred to herein as “ZixCharge”) is provided that allows consumers to authorize transactions in a secure, private, and convenient manner for the purchase of goods and services over the Internet. The system allows consumers to complete purchase transactions without merchants obtaining personal and charge card information from the consumer.
Cook David P.
Liu Gary G.
Fish & Richardson P.C.
Trammell James P.
Worjloh Jalatee
Zix Corporation