Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
2000-09-21
2004-06-08
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S064000, C705S070000, C705S069000, C705S074000, C705S021000
Reexamination Certificate
active
06748367
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention generally relates to a method and system for effecting transactions over any public network such as the Internet, wireless network, or any other medium of non-secure communication without submission of private information, credit card and other personal information.
2. Problem to be Solved
E-commerce catalog shopping represents an increasing part of the economy. The growth in its popularity can in part be explained because consumers have learned that goods purchased from a catalog are often much less expensive than if purchased through a normal retail store. In addition, because a customer can shop without leaving the comfort of home or office, placing an order for merchandise from a catalog makes much more efficient use of the customer's time.
Shopping for goods and services using a personal computer to place an order on a network is a natural extension to the more traditional catalog shopping, since the customer enjoys these same benefits. The CompuServe network and other private networks have long offered members the opportunity to browse through on-line “Electronic Shopping Malls” and place orders for goods shown and described therein. New opportunities for shopping via personal computer arise daily as more people gain access to the Internet network, with its inter-connectivity and easy access through the World Wide Web or E-mail. Such: transactions conducted over the Internet are also referred to as “E-commerce transactions”.
A credit card facilitates making purchases via telephone or over the network. However, users are justifiably concerned about placing orders for merchandise on networks such as the Internet, for example via E-mail, because of the lack of secure communications. Although there are many implementations of security measures on the Internet, unauthorized third parties have still penetrated these security measures and gained access to credit card data, social security numbers or other personal information transmitted over the network. Once a dishonest person has the credit card number, thousands of dollars can be improperly charged to the customer's credit card account.
One solution to this problem is for the customer to enter, for delivery over the network, an order that does not include the customer's credit card number. To complete the order, the customer must then call the merchant on an 800 telephone number, for example, to provide the credit card number. However, this method does not enable the credit card data to be readily associated with and entered into the order previously placed by the customer. Errors in the order can easily arise. For example, the customer's credit card number can be assigned to the wrong order. Furthermore, telephone transactions are also vulnerable to the same security and user privacy issues as described above for Internet transactions. In addition, there is usually a considerable delay to further inconvenience the customer while a clerk asks the customer other questions that will help to ensure the correct match between an order that was previously transmitted and the customer's credit card number given over the phone.
A similar approach for placing an order in current use is initiated when a customer sends an order,-without credit card information, to a merchant over a non-secure network. After receiving the order, the merchant's clerk or an automated system sends an E-mail message to the customer containing an order number that uniquely identifies the order. Upon receiving the E-mail message, the customer dials a telephone number that connects to the merchant's facilities. In response to prompting from an automated attendant, the customer enters the unique order number and correct credit card number for billing the order on a touch-tone telephone (assuming that the customer has placed the call on this type of phone). The order number is used to match the correct order with the customer's credit card number. However, this method requires that the customer retain the unique order number assigned by the merchant for entry during the subsequent phone call.
Another approach to solving this problem is to encrypt the credit card information included in an order placed on a public network. Using the encrypted credit card data, an order can be completed in a single transaction. However, virtually all of the encryption schemes thus far developed for protecting such sensitive data have drawbacks. For example, most encryption schemes require the use of an encryption key that is known only to the party encrypting information and to the intended recipient of the information who will decrypt it. The secure distribution and safeguard of such encryption keys adds too much complexity to network shopping transactions and will likely not be readily accepted by customers. While it is possible to embed an encryption key in an application designed to take an order and transmit it over the network, the embedded encryption key can be discovered by others who may then misuse it. Even public key encryption systems require use of a “private” key that should not be disclosed to others. In addition, and perhaps more importantly, the software required for any encryption system must be distributed to prospective customers before the system can be used to transfer credit card data when a customer places an order. The widespread dissemination of such software will likely not occur for some time. Even if the consumer's financial information is securely transferred to the vendor over the Internet, the consumer has submitted a substantial amount of personal information to a stranger. This personal information is often resold to other firms that send unsolicited e-mail, phone calls and junk mail. Internet commerce, as a business environment, will not grow as expected if consumers perceive unknown vendors as untrustworthy.
A new method for making payment over a public network is needed that enables a customer to place an order or make a simple fund transfer without submitting financial data, credit card numbers and other personal information. The financial data transaction should be automated for optimum efficiency and to minimize the time required for the customer to complete the transaction. The present invention represents a workable solution to this problem that is relatively efficient, secure and foolproof.
SUMMARY OF THE INVENTION
The present invention is directed, in a first aspect, a method for effecting a financial transaction over a public network without the submission of sensitive information, comprising the steps of:
a) providing an apparatus comprising (i) a common controller in data communication with at least one public network, the common controller having user and transaction databases and a processor for generating digital tokens, each digital token representing a particular monetary value and containing a particular digital signature and alterable digital token status data indicating ownership of the digital token, and (ii) a plurality of user data communication interfaces in data communication with the public network;
b) establishing user accounts in the user databases of the common controller;
c) transmitting to the common controller a user identification and PIN to obtain access to the common controller;
d) authenticating the user identification and PIN to determine whether access to the common controller is permitted;
e) generating an application level secure communication channel through which all data communication is to be effected;
f) transmitting data representing a template of an automated teller machine to the user data communication interface of a first user whose identification PIN was authenticated;
g) initiating a financial transaction between the first user and a second user by using the automated teller machine of step (f) to transmit a request to the common controller to effect a transfer of a monetary sum to a destination account;
h) generating a temporary account identified by an account number for t
Backer Firmin
Nuzzo Raymond A.
Trammell James P.
LandOfFree
Method and system for effecting financial transactions over... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for effecting financial transactions over..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for effecting financial transactions over... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3296488