WO2001011515A2 - Method and system for making anonymous electronic payments on the world wide web - Google Patents
- Publication number
- WO2001011515A2 (PCT/US2000/014603)
- Authority
- WO
- WIPO (PCT)
Classifications
- G06Q20/342—Cards defining paid or billed services or quantities
- G06Q20/04—Payment circuits
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/28—Pre-payment schemes, e.g. "pay before"
- G06Q20/3433—Cards including a counter the counter having monetary units
- G07F7/02—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
- G07F7/025—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered
Definitions
- This invention generally relates to electronic commerce on the World Wide Web (the "Web") and, more particularly, to methods and systems for making anonymous electronic payments on the Web.
- the Web has evolved into a new commercial environment with enormous potential. Fueled by its universal appeal, instant and worldwide access, ease of use and low cost of operation, the Web has been the location of choice for a surprising number of merchants, vendors and service providers alike.
- the current payment method of choice for the majority of on-line shops is credit cards.
- Although the use of credit cards is a convenient and commercially accepted method of payment, the use of credit cards presents a variety of problems for users and merchants alike.
- merchants have to pass an account setup screening process similar to the one users have to pass; this is mainly because of the relaxed security measures used by credit cards. But in addition to the setup costs, transaction costs and constant fear of being denied their payments due to fraudulent credit card use, merchants have to endure detailed accounting of their credit card payments, process payments in a physical manner, initiate and maintain communication with a clearing house and, in general, put a lot of time and effort into a single transaction. All of this adds up to a very high per-transaction cost.
- CyberCash makes software for secure financial exchanges via the Internet.
- CyberCash acts as a gatekeeper linking the Internet to bank networks using security based on cryptographic authentication and encryption.
- the user sends CyberCash their credit-card number or bank account information, and CyberCash gives them an "electronic wallet" that records their transactions over the Internet, encrypts the payment, and sends it to the merchant.
- instabug model the user establishes a pre-paid instabug account. Buyers hit the "pay" button on the World Wide Web page to transfer the funds from their accounts to the merchant's CyberCoin cash register.
- DigiCash's electronic cash is paperless money that can be transferred on the Internet.
- a computer user withdraws eCash electronically from a bank that also subscribes to the system.
- the digital dollars are stored on the user's hard drive and can then be used in a transaction with an on-line merchant who accepts eCash.
- eCHARGE DigiCash's electronic cash
- a user chooses a product at a web page where eCHARGE is available, where the freely available eCHARGE software automatically downloads and connects the user's computer to a 1-900 number. Charges for the product later appear on the monthly local telephone bill.
- E-cash
- E-cash is an instantiation of DigiCash's eCash which is used in conjunction with the Mark Twain Bank to allow "authentication" of digital cash withdrawals from bank accounts.
- a software program enables storing the withdrawn digital cash on the user's computer hard disk. This stored “cash” can then be transferred to a seller's machine.
- participants must set up a World Currency account provided by the Mark Twain Bank.
- To use the First Virtual Holdings system the user opens an account and is given an Identification (ID) number which is sent to the merchant via e-mail. The merchant forwards the e-mail to First Virtual to verify the user's ID number. First Virtual then sends an e-mail message to the user to verify the transaction.
- First Virtual performs the actual transfers over a private off-line network using Electronic Data Systems (EDS).
- EDS Electronic Data Systems
- Web900 service for access and services directly to their phone bill.
- the Web900 Instruction Page on the merchant's web page tells users how to dial an appropriate iBill-maintained 900 telephone number to pay for their purchase.
- iBill's automated voice system reads out a series of numbers. The user then returns to the merchant's site and enters these numbers in order to redeem their purchase.
- Millicent, offered by the Digital Equipment Corporation, is electronic "scrip" in the form of a signed message carrying a serial number and an expiration date.
- An authorized broker will buy Millicent scrip from one or more merchants at a volume discount and then sell it to users, who will receive and then spend it over the Internet.
- NetBill is an alliance between Carnegie Mellon University and Visa, designed to allow information to be bought and sold over the Internet. Users deposit money into a NetBill account which is drawn upon by NetBill when purchases are made.
- Secure Electronic Transactions is a system designed by MasterCard and Visa to allow secure credit card transactions over the Internet.
- the system requires credit card clearing houses, merchants and users to download and install the appropriate software.
- the credit card information is sent encrypted between the user and the merchant and is verified at the clearing house, without exposing it to other users of the Internet or to the merchant himself.
- Digital signatures authenticate each transaction for future auditing.
- the on-line market therefore, still lacks a simple and easy-to-use "click-and-pay" method and system of making electronic payments which promotes spur-of-the-moment purchases and payment habits and which affords anonymity, security and accountability.
- the invention is directed to a simple and easy-to-use method and system of making electronic payments on the Web that provides anonymity, security and accountability.
- the computer-based method for making payments on the Web includes the steps of purchasing a pre-paid stored value card ("cash card") including a card identification number for a predetermined amount of money at a point of sale; logging on to a cash-card web server to establish a Personal Security Code (User PIN); logging onto a Web merchant; selecting an item to be purchased; and entering the card identification number and the User PIN, wherein the cost of the item is subtracted from the predetermined amount on the cash card.
- User PIN Personal Security Code
- Figure 1 is a block diagram of a communication model in accordance with an embodiment of the invention for conducting electronic commerce
- Figure 2 depicts a flow chart of the steps performed when performing a sale at the point-of-sale (POS) in accordance with methods and systems of the present invention
- Figure 3 depicts a flow chart of the steps performed when signing up an on-line merchant in accordance with methods and systems of the present invention
- Figure 4 is a flow chart of an on-line payment process in accordance with methods and systems of the present invention.
- Figure 5 depicts a more detailed diagram of the server depicted in Figure 1.
- Methods and systems consistent with the present invention enable users to buy pre-paid cards at, for example, a convenience store, activate their card by selecting a PIN at a specified server, click on a payment button at their site of choice, and enter their card number.
- the computer-based methods and systems consistent with the present invention offer user anonymity (via the anonymous purchasing channel), accountability, simplicity, speed of use, and the ability to accept micropayments.
- the invention provides many advantages over the current systems as described below by combining electronic verification, which is the minimum requirement for on-line payments, with a physical distribution-based pre-paid cash card, which is the most convenient way of distributing value.
- the invention makes electronic verification more efficient, and by combining electronic verification with pre-paid cash cards, the invention provides a convenient and efficient method and system of making electronic payments on the Web.
- the pre-paid cash cards allow payments on the Web without requiring an account to be set up and offer anonymity to the users. Further, no account-opening or software download procedure is required of the users. This allows every user to shop, and promotes "spur-of-the-moment" purchasing behavior, which is a significant advantage for on-line shopping.
- the Web is a globally connected network and operates on a client/server model.
- a user runs a Web client on a computer called a Web browser such as MOSAIC®, NETSCAPE® or INTERNET EXPLORER®.
- the Web client contacts a Web site on a server and requests information or resources.
- the server locates the information and then sends the information to the Web browser, which displays the results.
- a user makes an Internet connection and launches a Web browser. When users surf the Web, they view multimedia home pages (Web pages) composed of text, graphics and multimedia content, such as sound and video, in a browser.
- Web pages multimedia home pages
- the user may enter a Universal Resource Locator (URL) in the browser specifying a location (server) to visit.
- URL Universal Resource Locator
- the user may also "click" on a link to forward the user to a new location.
- When a server finds the requested home page, document, or object, the server sends the information back to the Web browser.
- a Web browser displays information by interpreting the Hypertext Markup Language (HTML) used to build home pages.
- HTML Hypertext Markup Language
- the coding in the HTML files tells the browser how to display the text, graphics, links and multimedia files on the home page.
- the HTML file that the browser receives from the server does not have graphics, sound, multimedia files and other resources on it. Instead, the HTML file contains HTML references to those graphics and files. The browser may use the references in the HTML file to find the files on servers, and display it as a home page in the browser.
- the Web browser typically runs application programs that are written in JAVA®, a computer language developed by SUN MICROSYSTEMS®.
- JAVA® is a programming language that allows programmers to create interactive programs and add multimedia features to home pages.
- JAVA® is object-oriented. Object-oriented programming languages are created by preexisting components, instead of having to write the entire program from scratch.
- NETSCAPE is an example of a Web browser capable of running JAVA® programs. JAVA® programs that run at the client inside a browser are called "applets," such as news tickers which run across Web pages, and animations.
- In secret-key cryptography, only one key is used to encrypt and decrypt messages. Both the sender and receiver need copies of the same secret key.
- public-key cryptography uses two keys (a public key and a private key). Each user (sender and recipient) has both a public key and a private key. The public key is made freely available, while the private key is kept secret on the user's computer. The public key can encrypt messages but only the private key can decrypt messages that the public key has encrypted. If a sender wants to send a message to a recipient, for example, the sender may encrypt the message with the recipient's public key. But only the recipient, with the private key, could decrypt and read the message. The public key could not decrypt the message.
- PGP Pretty Good Privacy
- Methods and systems consistent with the present invention disclose a communication model, underlying cryptographic algorithms, and system requirements that are simple to use while ensuring security, anonymity and accountability.
- FIG 1 shows an embodiment of a communication model 100 of the invention, also known as "InternetCash℠."
- InternetCash℠ payment cards are first transferred to a physical point-of-sale (POS) terminal 102.
- POS point-of-sale
- ATM automated teller machine
- the cards are inactive which makes the value of the cards negligible and thus minimizes the amount of security needed for transportation and before any sale at POS terminal 102.
- the cards can be handled and displayed freely.
- an activation procedure is performed.
- the cards are activated at the time of purchase.
- activation is performed via on-line communication with an on-line banking system server 104, such as InternetCash℠.
- the on-line communication may be through pre-existing means, for example, a card reader with dial-up capabilities or manually via the telephone.
- a store-specific personal identification number (PIN) and a store identifier (SID) may be used for accountability of activated cards.
- PIN personal identification number
- SID store identifier
- the SID may be used as a store/terminal unique identifier and as a countermeasure against brute force attacks against the PIN.
- the SID is kept secret and if possible it is sent to server 104 upon card activation. Otherwise the store PIN is used as an identifier instead.
- the PIN prevents impersonation of a store clerk and false card activation.
- the ATM-dispensed cards may be activated, for example, by on-line communication (described above), or by off-line activation.
- An example of the off-line activation may be when a terminal prints out an "activation receipt" corresponding to a specific dispensed card. This receipt contains a portion of the secret number required for card usage.
- the terminal should be as secure as a typical ATM terminal because it holds approximately as much cash as an ATM (either dispensed cash like an ATM and/or received cash by the user) and the terminal contains a secret key used either for secure on-line communication or for potential generation of the "activation receipt."
- the dispensed cards may be active at time of shipment, so an additional activation is not necessary; such cards should be treated as cash as far as liability is concerned.
- ATM terminal there may be an additional authorization procedure performed by the user.
- the authorization procedure creates additional security, however, a system without the activation procedure may still be secure if the manufacturing process of the cards is controlled.
- a user logs into server 104 and is asked for the card number and card secret code.
- Server 104 may ask the user for the card number and card secret code again.
- Server 104 subsequently accesses the record of the entered card number, verifies the card secret code, and that the card has not previously been authorized.
- Server 104 asks the user to enter a User Personal Security Code (UPIN).
- the UPIN may be between 4 and 8 characters.
- the UPIN and associated card number may be stored in a database at server 104, such as an ORACLE® database.
- the activation procedure also affords added security to the user, by not allowing a lost card to be spent if the UPIN is not available.
- a user 108 logs in to a web site associated with merchant 106 and upon selecting a product/service, clicks, for example, a "click-and-pay" button. If user 108 is a first-time user, user 108 may be transferred to server 104 to automatically download any required software. If the user is not a first-time user, or once the software is downloaded, a window at the user's computer requesting the InternetCash℠ payment card number may be displayed. Payment information may also be displayed in the window for user verification. A merchant number and transaction-specific number may be stored at the user's computer for future accountability.
- a payment-specific authentication number is sent to server 104 (or the merchant forwards it) along with the payment data and the card number.
- the PAN is an authentication of the payment information that functions as a Message Authentication Code (MAC).
- MAC Message Authentication Code
- server 104 may process the transaction.
- Server 104 verifies that the card is active, the PAN has been computed correctly, the requested amount is available on the card, subtracts the payment amount from the card and credits the amount to the merchant's account, and returns an acknowledgment to merchant 106 as well as user 108.
- merchant 106 may forward the acknowledgment from server 104 to user 108. This information may also be stored at user 108's computer. If the transaction succeeds, then merchant 106 may provide the product/service to user 108 using any well-known delivery service, such as UPS, or by electronic delivery, such as HTTP, or FTP.
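The server-side checks described above (card active, PAN correct, funds available, debit and credit), as an added example that is not part of the patent text. The patent does not say which key the PAN is computed under or which MAC is used; this sketch assumes HMAC-SHA256 under a key derived from the card secret code and UPIN, and every name and value in it is hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class Card:
    mac_key: bytes          # assumption: key shared by payment window and server
    balance_cents: int
    active: bool = False


def derive_mac_key(csc: str, upin: str) -> bytes:
    """Assumed derivation; the page does not state what keys the PAN."""
    return hashlib.sha256(json.dumps([csc, upin]).encode()).digest()


def compute_pan(mac_key: bytes, cid: str, merchant_id: str,
                txn_id: str, amount_cents: int) -> str:
    """PAN = MAC over an unambiguous encoding of the payment data.

    A JSON array is used so that field boundaries cannot be shifted
    (e.g. "M1"+"23" versus "M12"+"3") without changing the MAC input.
    """
    msg = json.dumps([cid, merchant_id, txn_id, amount_cents],
                     separators=(",", ":")).encode()
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()


class CashCardServer:
    def __init__(self):
        self.cards = {}             # cid -> Card
        self.merchant_credit = {}   # merchant_id -> cents credited
        self.seen_txns = set()      # (merchant_id, txn_id) already processed

    def process_payment(self, cid, merchant_id, txn_id, amount_cents, pan):
        card = self.cards.get(cid)
        # Unknown cards are checked against a dummy key so that "no such
        # card" and "wrong PAN" are indistinguishable to the caller.
        key = card.mac_key if card else b"\x00" * 32
        expected = compute_pan(key, cid, merchant_id, txn_id, amount_cents)
        pan_ok = hmac.compare_digest(expected.encode(), str(pan).encode())
        if card is None or not pan_ok:
            return "rejected"
        if not card.active:
            return "inactive"
        if not isinstance(amount_cents, int) or amount_cents <= 0:
            return "rejected"
        # The transaction-specific number makes a captured PAN single-use.
        if (merchant_id, txn_id) in self.seen_txns:
            return "replay"
        if card.balance_cents < amount_cents:
            return "insufficient_funds"
        card.balance_cents -= amount_cents
        self.merchant_credit[merchant_id] = (
            self.merchant_credit.get(merchant_id, 0) + amount_cents)
        self.seen_txns.add((merchant_id, txn_id))
        return "ok"


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    server = CashCardServer()
    key = derive_mac_key("CONSTRUCTEDCSC", "4821")
    server.cards["CID0000001"] = Card(key, balance_cents=1000, active=True)
    pan = compute_pan(key, "CID0000001", "M-1", "T-1", 250)
    print(server.process_payment("CID0000001", "M-1", "T-1", 250, pan))
    print(server.process_payment("CID0000001", "M-1", "T-1", 250, pan))
```

Because the MAC covers the merchant, transaction number and amount, a PAN captured for one purchase cannot be reused for a different amount or merchant.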
- server 104 may determine if user 108's card has been charged for this transaction. If the user 108's card has not been charged, the transaction data is deleted from the database. If the user 108's card has been charged, then either merchant 106 did not provide the requested product/service, or user 108 has not received them or acknowledged their receipt. In either case, this is an exception condition, which may be handled according to a merchant/InternetCash℠ policy. Server 104 may also log such events. The click-and-pay methodology is further described below with reference to Figure 4.
- Account Cards
- the cards which are used for InternetCash℠ for payment on the Web will now be described.
- the first kind of cards which may be used are magnetic-stripe cards that are dispensable by store clerks.
- On their backside, the cards include: a card ID, a card secret code and directions for using the card and potentially a server's telephone number. If present, server 104's telephone number may be used for dialing in for on-line verification; otherwise on-line verification is performed via the magnetic stripe, as explained below.
- Each card has its own Card ID (CID).
- the CID is a character alphanumeric code comprised of 10 numeric digits and 26 letters.
- each alphanumeric character is equivalent to 5.17 bits.
- This CID number does not need to be kept secret and may be visibly displayed on the card.
- the Card Secret Code (CSC), however, must be kept secret.
- the CSC is used to provide security for the card.
- the CSC is a character alphanumeric code comprised of the same alphabet of numbers and letters as the CID, but it is not displayed on the card, so that only the user has this information. The CSC is further described below.
- the directions for using the card include instructions to verify that the card was indeed activated (an activation receipt may be printed out at POS terminal 102) and that the client software at the user 108's computer being used at payment time (the payment window) is authorized.
- the software is verified either by downloading it securely from server 104, verifying that code (e.g., applets) downloaded from a merchant is digitally signed by server 104, or verifying that the payment window is served from server 104.
- the magnetic-stripe may also contain a Bank Identification Number (BIN), the card ID, and server 104's telephone number.
- BIN Bank Identification Number
- the scratch-panel type cards use the scratch panels to hide the CSC. Once a user buys the card the user may scratch off the scratch panel to reveal the CSC. Since the card contains hidden information, only user 108 knows the number. A warning may be displayed on each card to prevent user 108 from buying the card if the panel has been scratched off.
- the cards without scratch-panels are similar to the cards with scratch panels in that the CSC is typed on the card and covered.
- the cards without scratch-panels may be glued to a paper holder and, thus, the CSC may only be seen after user 108 has removed the card from its holder. Alternatively the holder completely encloses the card, so that again the card secret code is not exposed unless the cover is ripped opened. A warning may be displayed on such cards such that they should not be purchased if the holder has been removed.
- An alternative to the magnetic-stripe cards is a simple flexible plastic card containing the same information as the magnetic-stripe card. With the plastic cards, however, a store clerk first dials up server 104 and enters the CID to perform on-line activation. Alternatively, these cards are activated at shipping time and do not need to be activated at the time of sale. Similarly to the magnetic-stripe cards, there are two types of plastic cards: the type with scratch-panel for protecting the secret code and the type without scratch-panel.
- Cards may also be dispensed from an unmanned ATM-style terminal. These dispensed cards do not need a magnetic-stripe or a scratch-panel because there is no human involvement and, as such, there is no danger of stealing the CSC code. Instead, the CSC is calculated and given to the user by the terminal. This calculation is performed using a terminal-specific secret key (TSK) and a cryptographic one-way or hash function. The TSK is further described below.
- TSK terminal-specific secret key
- the CSC is either printed on the card at the time of sale, on a separate
- the dispensed cards may be made of materials such as paper, plastic, or magnetic stripe.
- the paper cards may be printed on the fly by the terminal since most ATM machines have a printer. This requires no dispensing system.
- the paper cards contain the CID and directions for usage.
- the ATM may print the card and include the CSC on the card.
- the flexible plastic card may or may not require some type of low-security dispensing mechanism, but provides a "tangible" material for user 108.
- the magnetic-stripe cards allow reloading at any POS 102.
- the magnetic-stripe cards are more expensive and may require a method of securely dispensing to prevent theft.
- the magnetic-stripe cards may contain server 104's telephone number and/or the BIN and CID numbers.
- pre-activated cards may be dispensed from separate canisters within an ATM machine.
- ATM machines have separate canisters that hold products, such as stamps, or checks. These ATMs also include software that prompts user 108 and subtracts funds from a user 108's account when user 108 purchases items from the canister.
- Cash cards may be dispensed from ATM machines using these canisters.
- POS Sale
- Figure 2 depicts a flow chart of the steps performed when performing a sale at the POS Terminal 102 consistent with methods and systems of the present invention. As discussed above, there are two forms of sales: sales at a store using a POS terminal 102 (manned sale) and sales at an ATM terminal (unmanned sale). With a manned sale, the store clerk's role is to activate the card.
- a secure connection to server 104 is established (step 202).
- this is a dial-up session but an Internet connection is also possible depending on the facilities available at the POS Terminal 102.
- the dial-up connection may be performed by using an existing card-reader with dial-up capabilities used for credit-card authentication.
- the BIN number and/or the telephone number of server 104 is encoded on the magnetic-stripe so all that is required from the clerk is to simply slide the card through the reader and select the appropriate button for card activation.
- the store clerk may input a CID and a store-specific
- the CID may be encoded on the magnetic-stripe so this is sent automatically to server 104.
- the clerk may then input a store-specific PIN to activate the card.
- the cash cards may be activated in batch form, (e.g., five or ten) such that each card need not be activated as it is sold.
- the clerk inputs the batch number of the cards, which identifies that particular batch. If the dial-up device supports encryption and authentication, the batch mode may be utilized over this link.
- server 104 may process the transaction (step 206). During processing, server 104 activates the particular CID or card. The store's PIN may be saved together with the activation record (CID or batch and timestamp). Merchant 106 may be charged immediately or periodically, such as once a day. In addition, an acknowledgment may also be returned as part of processing the transaction and a receipt may also be printed for user 108.
- the POS method may be performed by an unmanned sale. Depending on the payment scenario, either a secret key inside POS terminal 102 needs to be secured or the POS terminal 102 may have a secure dispensing canister (in the case where the card is paid by withdrawing cash directly from a user 108's bank account). In the case where user 108 pays by cash, terminal 102 should also accept cash. For example, ATM machines require both a secured secret key and the ability to store cash and also include secure dispensing canisters.
- a bank ATM may provide user 108 an additional choice of "Buying an InternetCash℠ payment card." If user 108 desires to purchase an InternetCash℠ payment card, user 108 may select desired values, such as ten dollars or one hundred dollars. The ATM withdraws an appropriate amount from user 108's bank account and prints the card including the CID, CSC, directions for use and a transaction receipt. Alternatively, a set of blank cards may be located next to an ATM and user 108 may be required to write (with an attached pen) the CID and secret code on each card. This provides for a more "tangible" card.
- the ATM may then notify server 104 that a specific card has been sold. Alternatively, the ATM may notify server 104 at a later time, such as once every night for all cards sold that day.
- the ATM may then further process a list of available CIDs and a secret key which can be used to compute the card's secret code.
- the CIDs are unique in that they do not require explicit activation, and are activated in advance. Security may also be provided by a controlled generation of the secret codes, based on the ATM's secret key.
- the ATM secret key (TSK) is specific to each ATM used to compute the CSC.
- the secret key is inserted securely (for example, by designated personnel, or via a secure channel) and is generated by server 104 based on a master key and a unique identifier, such as the exact location and bank name of a particular ATM.
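The key hierarchy described above (master key to terminal secret key to card secret code), as an added example that is not part of the patent text. The patent only says "a cryptographic one-way or hash function"; HMAC-SHA256 is swapped in here, and the CSC length, the domain-separation labels and the sample identifiers are assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # 10 digits + 26 letters
CSC_LEN = 12  # assumption: the page does not state the CSC length


def new_master_key() -> bytes:
    """256-bit master key drawn from the operating system CSPRNG."""
    return secrets.token_bytes(32)


def derive_tsk(master_key: bytes, terminal_identifier: str) -> bytes:
    """Terminal secret key: keyed one-way function of the terminal's
    unique identifier (e.g. bank name and location)."""
    if len(master_key) < 16:
        raise ValueError("master key shorter than 128 bits")
    label = b"TSK\x00" + terminal_identifier.encode("utf-8")
    return hmac.new(master_key, label, hashlib.sha256).digest()


def compute_csc(tsk: bytes, cid: str) -> str:
    """Card secret code computed on the fly by the terminal from its TSK
    and the card ID, rendered in the card's base-36 alphabet."""
    digest = hmac.new(tsk, b"CSC\x00" + cid.encode("utf-8"),
                      hashlib.sha256).digest()
    # Reducing a 256-bit value modulo 36**12 leaves negligible bias.
    value = int.from_bytes(digest, "big") % (36 ** CSC_LEN)
    chars = []
    for _ in range(CSC_LEN):
        value, rem = divmod(value, 36)
        chars.append(ALPHABET[rem])
    return "".join(reversed(chars))


def server_check_csc(master_key: bytes, terminal_identifier: str,
                     cid: str, presented_csc: str) -> bool:
    """The server recomputes the code from the master key instead of
    storing one secret per card, and compares in constant time."""
    tsk = derive_tsk(master_key, terminal_identifier)
    expected = compute_csc(tsk, cid)
    candidate = presented_csc.strip().upper()
    return hmac.compare_digest(expected.encode(), candidate.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    master = new_master_key()
    atm_a = "Example Bank|100 Main St"
    atm_b = "Example Bank|200 Oak Ave"
    cid = "1A2B3C4D5E"
    csc = compute_csc(derive_tsk(master, atm_a), cid)
    print("CSC printed by terminal A:", csc)
    print("server accepts:", server_check_csc(master, atm_a, cid, csc))
    # A key extracted from terminal B yields a different code for this CID.
    print("terminal B code differs:",
          compute_csc(derive_tsk(master, atm_b), cid) != csc)
```

Each terminal holds only its own derived key, so extracting the key from one terminal exposes the codes that terminal can compute but not the master key or any other terminal's codes.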
- pre-activated cash cards are provided in a secure dispensing canister, and after collecting money from user 108 may dispense the cards similar to how cash is dispensed.
- cash cards are formatted to a size similar to a paper bill and include a scratch panel similar to the cash cards sold by a store clerk.
- a cash-terminal sale accepts cash. Instead of accessing a user 108's bank account as in the ATM terminals, the cash-accepting terminals accept cash.
- a cash-accepting machine only needs a printer and does not need a display. Additionally, a cash accepting machine may be used to dispense pre-activated cards stored in a secure canister. This machine does not need specific additions, with the only requirement being secure transfer of cash cards and positioning them into the canister.
- CID Generators
- Examples of CID generators, secret and master keys, and terminal identifiers will now be described.
- In the case of point-code tracking the CID may be a concatenation of binary digit "1" (denoting point-code tracking) and a terminal unique identifier (TID) (8 decimal digits) to an ever-increasing serial number. Point-code tracking is defined as allowing tracing in dispensing terminals using the CID and by generating secret code on-the-fly by unmanned terminals.
- the CID is the concatenation of the TID and a serial number
- the CID discloses the TID and thus the dispensing terminal.
- the TID number is based on an assumption that there are 100 million terminals. These numbers are converted to binary, concatenated and converted to alphanumeric characters (base 36). Thus, assuming there are 100 million dispensing points with each dispensing point dispensing a maximum of 2,500 cards per POS per day for two types of dispensing systems (point-code tracking and user-based) over a 25-year system life, this amounts to 51 bits, or 10 alphanumeric characters.
- the number of cards over 25 years: 100,000,000 (dispensing points) * 2,500 (cards per day per dispensing point) * 365 (days in a year) * 25 (years) ≈ 2,281,250,000,000,000 ≈ 2^51.
- Cards and CIDs may be generated inside a cash card terminal by using a pseudorandom or sequential algorithm. The same space on the cards should not be used for both point-code tracking and regular cards. For example, the regular CIDs may start with a binary digit "0."
- the batch cards may also contain a batch number which can optionally be printed on the cards.
- the batch cards may be packed in batches and/or be activated in batches, either through a web interface within server 104 or through a phone interface.
- the IMK is created in a cryptographically secure way, and may contain over 160 bits.
- the IMK may contain random bits that are processed by a cryptographic function, such as a one-way hash function. These random bits may be created as a combination of inputs, including the InternetCash℠ administrator's keystrokes, mouse movements, hard-drive speed variations, operating system state, time variations between hardware clocks, or other hardware sources of randomness, such as oscillators or lava lamps.
- a brute force attack against the IMK could allow total manufacturing of cards.
- a "brute force attack" is the case where the attacker tries all possible values of a secret key, in this case the IMK, until the correct value is found; thus, at least 128 bits must be used, and preferably 256 bits.
- the IMK may expire at any time and cards manufactured after that point should use a new key. It is preferable that the IMK be refreshed at regular intervals (for example, annually) and be stored in a tamper-resistant hardware cryptographic device.
- TSK: Terminal Secret Key
- CSC = H(TSK, CID), where H is a cryptographic hash function.
- Brute force attacks against the TSK key could allow manufacturing of cards for a particular terminal. Since the terminal can be "black marked," this type of attack may not be very costly. In other words, if the terminal's key is lost, the terminal identifier can be marked as invalid starting from the time of security breach and ending at the time where the terminal is repaired, and all cards that are manufactured by this terminal in this time interval are also deemed as invalid. It is preferable that an 80-128 bit key be used, but if convenience dictates, a standard 56-bit DES key may be used.
- CSC: Card Secret Code
- PAM: Payment Authentication Number
- Brute force attacks require either querying the server 104 for each attempt or verifying against a payment, which is much more efficient. However, only one card is impersonated if such an attempt succeeds, so we need to solve for: Cost of brute force > value of card.
- SSL: Secure Sockets Layer protocol, which is used for encrypting and authenticating data that is sent over the Internet or other insecure or public lines.
- SSL is a de facto standard used by Netscape Communicator®, Internet Explorer®, and other commercial browsers.
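The CID layout, the master-key-to-TSK derivation, CSC = H(TSK, CID) and terminal black-marking described above can be exercised together. The following is an added sketch, not code from the patent: HMAC-SHA256 stands in for H and for the TSK derivation, and the field widths, the 16-hex-digit CSC length, the function names and all sample values are assumptions.

```python
import hashlib
import hmac

# Field widths are assumptions of this sketch, not values from the patent text.
# 1 + 27 + 25 = 53 bits, so a CID built here is 11 base-36 characters long.
TID_BITS = 27      # 8 decimal digits (< 10**8) fit in 27 bits
SERIAL_BITS = 25   # 2,500 cards/day for 25 years is under 2**25
B36 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def encode_cid(tid: int, serial: int) -> str:
    """Binary '1' (point-code tracking) || TID || serial, written in base 36."""
    if not (0 <= tid < 10**8 and 0 <= serial < 2**SERIAL_BITS):
        raise ValueError("TID or serial out of range")
    n = (1 << (TID_BITS + SERIAL_BITS)) | (tid << SERIAL_BITS) | serial
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = B36[r] + out
    return out


def decode_cid(cid: str) -> tuple:
    """Recover (TID, serial); reject CIDs without the leading tracking bit."""
    n = int(cid, 36)
    if n >> (TID_BITS + SERIAL_BITS) != 1:
        raise ValueError("not a point-code-tracking CID")
    tid = (n >> SERIAL_BITS) & ((1 << TID_BITS) - 1)
    return tid, n & ((1 << SERIAL_BITS) - 1)


def derive_tsk(imk: bytes, tid: int, location: str) -> bytes:
    """TSK from the master key and the terminal's unique identifier."""
    return hmac.new(imk, f"TSK|{tid:08d}|{location}".encode(), hashlib.sha256).digest()


def card_secret_code(tsk: bytes, cid: str) -> str:
    """CSC = H(TSK, CID); HMAC-SHA256 truncated to 16 hex digits (assumption)."""
    return hmac.new(tsk, cid.encode(), hashlib.sha256).hexdigest()[:16].upper()


def verify_card(imk, terminals, black_marks, cid, csc, issued_at) -> str:
    """Server-side check: recompute the CSC, then apply terminal black marks.
    terminals:   {tid: location string used at key derivation}
    black_marks: {tid: [(breach_start, repair_end), ...]} in epoch seconds
    issued_at:   manufacture time taken from the server's card record
    """
    try:
        tid, _serial = decode_cid(cid)
    except ValueError:
        return "malformed CID"
    if tid not in terminals:
        return "unknown terminal"
    expected = card_secret_code(derive_tsk(imk, tid, terminals[tid]), cid)
    if not hmac.compare_digest(expected.encode(), csc.upper().encode()):
        return "bad CSC"
    for start, end in black_marks.get(tid, []):
        if start <= issued_at <= end:
            return "terminal black-marked"
    return "valid"


# Constructed sample data: key, terminal and times are made up for this example.
IMK = bytes(range(32))
TERMINALS = {12345678: "Example Bank, 1 Main St"}
BLACK_MARKS = {12345678: [(1_000_000, 1_086_400)]}
CID = encode_cid(12345678, 42)
CSC = card_secret_code(derive_tsk(IMK, 12345678, TERMINALS[12345678]), CID)
```

Because the server recomputes the CSC from the CID alone, a compromised TSK affects only the one terminal whose TID appears in the CID, which is what makes the black-mark window workable.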
- Figure 3 depicts a flow chart of the steps performed when signing up an on-line merchant 106 and user 108.
- on-line merchant 106 obtains a registration number and an account at server 104 (step 302).
- online merchant 106 may log onto a web site and fill out an on-line application.
- on-line merchant 106 may communicate with an InternetCash℠ account representative.
- the application is approved either automatically or after appropriate background credit checks.
- a merchant identification number is assigned to merchant 106 which may be different from the account number for security purposes.
- server 104 sends (or the merchant may download) a signed, "payment program" to merchant 106 (step 304).
- This program may be, for example, a JAVA® applet that can then be incorporated inside any web page associated with merchant 104, or a program that includes sample web pages and other processing code that interfaces with merchant 104 associated with a back-end system.
- the code may be signed by server 104 and based on a public key.
- the public key is certified by a Certification Authority (CA), such as VERISIGN.
- CA: Certification Authority
- the code comes complete with everything that is needed to process a payment, such as plug-ins for merchant 106 to add payment information and code for displaying the payment information.
- the plug-ins are for information such as dollar amount of purchase, description of product(s) sold, date and time of product sold and an empty "comments" section for additional information (this acts as a "memo" on a personal check).
- Any code sent to user 108's computer during a purchase includes programs for displaying the payment information, including merchant 106's identifying information, programs for user 108 to enter additional comments, programs asking user 108 to enter their InternetCash℠ payment card number and UPIN, and programs allowing the signing (or authenticating) of the payment information using the card's secret code and UPIN as the key.
- the payment window code is used to send the payment information and a PAN to server 104 potentially through redirection to the merchant, and waits for confirmation from server 104, including the categorized payment information.
- Server 104 processes the transaction received from payment window code at merchant 106 and sends a confirmation of payment to the payment code window, either directly or through merchant 106.
- the payment program may be personalized for each merchant 106.
- Merchant 106's identifying information may be displayed in the program as a headline, ticker, or border of the payment window, and may be included in the InternetCash℠ generated signature. This way, only authorized merchants 106 can use the payment program, which provides for greater accountability within model 100.
- the instantiation of the merchant-specific program signing can be performed by the addition of the merchant identifying information into the payment program, before server 104 signs the confirmation.
- the merchant-specific program signing enables server 104 to outsource the signature authorization and certification to an external CA.
- On Line Purchase Method: Figure 4 depicts the steps performed when a user 108 uses the on-line payment process. First, user 108 logs into a Web site associated with merchant 106 and selects the goods/services to be purchased (step 402). If user 108 is a first-time user, user 108 may be forwarded to server 104 for an automated downloading process of the required software (e.g., payment window code).
- a window at user 108's computer requesting an InternetCash℠ payment card number is displayed (step 404).
- the merchant payment program provides the product information, the merchant's identification number, a payment serial number, the payment amount and, optionally, a transaction time stamp to the payment code window on user 108's computer (step 406).
- the information is displayed to user 108 either through the code (e.g., JAVA® applet), as a redirection from server 104, or through a client resident program (e.g., a browser plug-in).
- the merchant payment program waits for a payment acknowledgment from server 104.
- user 108 verifies the payment information, optionally adds any comments in the comment area and enters the InternetCash℠ payment card number and UPIN (step 408).
- Either the payment code window or server 104 may compute the PAN based on the CSC and UPIN. Additionally, the computed information may be locally saved at user 108's computer file indexed by the merchant's identification number and transaction number. Once computed, the payment information and PAN are then sent to server 104 (step 410). Alternatively, user 108 may transmit the information to merchant 106, who may forward the payment information to server 104 (step 410).
- Next server 104 confirms the transaction (step 412). During confirmation, server 104 may access the card repository file indexed by CID, verify the card validity, obtain or recompute the CSC and UPIN, verify fund availability, subtract funds from the card account, and credit merchant 106's account. If the payment information is not correct, user 108 may be given the option to re-enter the data. If the card has not been authorized on-line, (e.g., a UPIN has not already been selected), then user 108 may be redirected to an on-line activation page located at server 104, to select a UPIN, before the payment transaction proceeds. Finally, if the funds remaining on the card are not sufficient to cover the cost of goods to be sold, user 108 may be given the option of using an additional card for the remaining amount.
- Upon successful completion of step 412, server 104 returns an acknowledgment to merchant 106 and user 108, indexed by a merchant number and a transaction number and a transaction time stamp (step 414).
- the signature may be based on an IMK.
- the merchant payment software and the payment code window save this information in a local file. However, only the merchant software needs to verify the signature's validity before sending the product(s) to user 108 (step 416).
- the verification of the InternetCash℠ payment card signature on the payment information and PAN at merchant 106's computer is performed automatically by the payment software. This returns an "accept" code to the merchant, who then may initiate the shipment process.
- Disputes over payments and deliveries may be handled based on all information saved by merchant 106 and user 108. If, for example, merchant 106 did not send the paid-for products, then user 108 may provide the payment information and acknowledgment to server 104 to verify their validity.
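The confirmation in step 412 (look up the card by CID, check that a UPIN exists, recompute the PAN from CSC and UPIN, check funds, debit the card and credit the merchant) is sketched below as an added example, not code from the patent. HMAC-SHA256 as the authenticating function, the JSON encoding of the payment fields, the duplicate-transaction check and every name and sample value are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

FIELDS = ("merchant_id", "txn_no", "amount_cents", "description", "timestamp")


@dataclass
class Card:
    csc: str                      # card secret code held in the repository
    upin: Optional[str]           # None until the user has selected a UPIN
    balance_cents: int
    paid: set = field(default_factory=set)   # (merchant_id, txn_no) already settled


def compute_pan(csc: str, upin: str, payment: dict) -> str:
    """Authenticate the payment information with CSC and UPIN as the key."""
    key = hashlib.sha256(json.dumps([csc, upin]).encode()).digest()
    msg = json.dumps([payment[f] for f in FIELDS]).encode()   # unambiguous encoding
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def confirm(cards: dict, merchants: dict, cid: str, payment: dict, pan: str) -> str:
    """Step 412 on the server; returns a status string and mutates balances."""
    card = cards.get(cid)
    if card is None or set(FIELDS) - payment.keys():
        return "invalid card"
    if card.upin is None:
        return "redirect to UPIN selection"
    expected = compute_pan(card.csc, card.upin, payment)
    if not hmac.compare_digest(expected.encode(), pan.encode()):
        return "bad PAN"
    amount = payment["amount_cents"]
    txn = (payment["merchant_id"], payment["txn_no"])
    if txn[0] not in merchants or not isinstance(amount, int) or amount <= 0:
        return "rejected"
    if txn in card.paid:          # assumption: a transaction number settles once
        return "duplicate transaction"
    if card.balance_cents < amount:
        return "insufficient funds"
    card.balance_cents -= amount
    merchants[txn[0]] += amount
    card.paid.add(txn)
    return "confirmed"


# Constructed sample data, made up for this example.
SAMPLE_CID = "1EXAMPLECID"
SAMPLE_PAYMENT = {"merchant_id": "M-001", "txn_no": 1, "amount_cents": 1999,
                  "description": "book", "timestamp": "2000-05-30T12:00:00Z"}


def demo_state():
    cards = {SAMPLE_CID: Card("9F3A61C2D4E5B7A8", "4321", 2500),
             "1NOUPINCARD": Card("0011223344556677", None, 2500)}
    return cards, {"M-001": 0}
```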
- FIG. 5 depicts a system 500 running on a reliable and secure platform.
- Server 104 may be, for example, an NT® or Unix®-based server on a SUN® workstation. All cryptographic operations are performed inside server 104.
- Server 104 is connected to a database 502 that contains a list of all issued cards, separated as active and inactive, and all transactions performed by each card.
- Database 502 may be an encrypted and signed 24x7 database.
- Cards in server 104 may be indexed by the CID. Each card entry contains the manufacturing date and time, the date, time and location of activation, the total value and the remaining value.
- a modem pool 504 may also be connected to server 104 to accept dial-up connections from POS's.
- Front end web server 506 contains a firewall and an HTTP front end 508 to provide security to server 104.
- the web server 506 serves as an intermediary between server 104 and network 510.
- the invention as described above is a novel solution which can be used by any user without requiring specific knowledge or even software installation.
- Methods and systems consistent with the present invention require no user accounts, provide anonymity and simplicity of use, and are nevertheless secure and accountable as any cash system should be.
- methods and systems consistent with the present invention overcome the shortcomings of existing financial transactional systems by providing users the ability to spend on-line easily, safely, anonymously, in small or large increments with no personal attachment to Internet service providers, billing, credit card, or banking institutions.
- the quantities defined here are cryptographic key sizes within the system of the invention, as well as some assumptions regarding the size of the user base and POS terminals.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU51668/00A AU5166800A (en) | 1999-05-28 | 2000-05-30 | Method and system for making anonymous electronic payments on the world wide web |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13671499P | 1999-05-28 | 1999-05-28 | |
US60/136,714 | 1999-05-28 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001011515A2 (en) | 2001-02-15 |
WO2001011515A8 (en) | 2002-06-27 |
Family
ID=22474045
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/014603 WO2001011515A2 (en) | 1999-05-28 | 2000-05-30 | Method and system for making anonymous electronic payments on the world wide web |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU5166800A (en) |
WO (1) | WO2001011515A2 (en) |
-
2000
- 2000-05-30 WO PCT/US2000/014603 patent/WO2001011515A2/en active Application Filing
- 2000-05-30 AU AU51668/00A patent/AU5166800A/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
No Search * |
Also Published As
Publication number | Publication date |
---|---|
AU5166800A (en) | 2001-03-05 |
WO2001011515A8 (en) | 2002-06-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
AK | Designated states |
Kind code of ref document: C1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
D17 | Declaration under article 17(2)a | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |