EP0923769A2 - System,verfahren und hergestellter gegenstand für gesicherte,gespeicherte geldwert transaktionen über ein offenes kommunikationsnetwerk mit ausdehnbarer,flexibler architektur - Google Patents

System,verfahren und hergestellter gegenstand für gesicherte,gespeicherte geldwert transaktionen über ein offenes kommunikationsnetwerk mit ausdehnbarer,flexibler architektur

Info

Publication number
EP0923769A2
EP0923769A2 EP97936382A EP97936382A EP0923769A2 EP 0923769 A2 EP0923769 A2 EP 0923769A2 EP 97936382 A EP97936382 A EP 97936382A EP 97936382 A EP97936382 A EP 97936382A EP 0923769 A2 EP0923769 A2 EP 0923769A2
Authority
EP
European Patent Office
Prior art keywords
computer
transaction
merchant
payment
vpos
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP97936382A
Other languages
English (en)
French (fr)
Inventor
Kevin T. B. Rowney
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HP Inc
Original Assignee
Verifone Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verifone Inc filed Critical Verifone Inc
Publication of EP0923769A2 publication Critical patent/EP0923769A2/de
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to the secure, electronic payment in exchange for goods and services purchased over a communication network, and more specifically, to a system, method and article of manufacture for securely transmitting value transfers from one smart card to another smart card over an open, communication network utilizing a flexible, extensible architecture.
  • the present invention relates to an electronic representation of a monetary system for implementing electronic money payments as an alternative medium of economic exchange to cash, checks, credit and debit cards, and electronic funds transfer.
  • the Electronic-Monetary System is a hybrid of currency, check, card payment systems, and electronic funds transfer systems, possessing many of the benefits of these systems with few of their limitations.
  • the system utilizes electronic representations of money which are designed to be universally accepted and exchanged as economic value by subscribers of the monetary system.
  • checks may be written for any specific amount up to the amount available in the account, checks have very limited transferability and must be supplied from a physical inventory. Paper-based checking systems do not offer sufficient relief from the limitations of cash transactions, sharing many of the inconveniences of handling currency while adding the inherent delays associated with processing checks To this end, economic exchange has st ⁇ ven for greater convenience at a lower cost, while also seeking improved security
  • Electronic funds transfer is essentially a process of value exchange achieved through the banking system s centralized computer transactions.
  • EFT services are a transfer of payments utilizing electronic ' checks, which are used primarily by large commercial organizations
  • ACH Clearing House
  • POS Point Of Sale
  • Home Banking bill payment services are examples of an EFT system used by individuals to make payments from a home computer
  • home banking initiatives have found few customers Of the banks that have offered services for payments, account transfers and information over the telephone lines using personal computers, less than one percent of the bank s customers are using the service
  • One reason that Home Banking has not been a successful product is because the customer cannot deposit and withdraw money as needed in this type of system
  • the more well known techniques include magnetic stnpe cards purchased for a given amount and from which a prepaid value can be deducted for specific purposes Upon exhaustion of the economic value, the cards are thrown away
  • Other examples include memorv cards or so called smart cards which are capable of repetitively sto ⁇ ng information representing value that is likewise deducted for specific purposes.
  • a computer operated under the control of a merchant it is desirable for a computer operated under the control of a merchant to obtain information offered by a customer and transmitted by a computer operating under the control of the customer over a publicly accessible packet-switched network (e.g., the Internet) to the computer operating under the control of the merchant, without nsking the exposure of the information to interception by third parties that have access to the network, and to assure that the information is from an authentic source
  • the merchant to transmit information, including a subset of the information provided by the customer, over such a network to a payment gateway computer system that is designated, by a bank or other financial institution that has the responsibility of providing payment on behalf of the customer, to authorize a commercial transaction on behalf of such a financial institution, without the nsk of exposing that information to interception by third parties
  • institutions include, for example, financial institutions offe ⁇ ng credit or debit card services
  • SET' Secure Electronic Transaction
  • SSL Netscape, Inc s Secure Sockets Layer
  • Freier desc ⁇ bed m Freier, Karlton & Kocher
  • SSL Protocol Version 3.0, March 1996 and hereby incorporated by reference SSL provides a means for secure transmission between two computers.
  • SSL has the advantage that it does not require special- purpose software to be installed on the customer's computer because it is already incorporated into widely available software that many people utilize as their standard Internet access medium, and does not require that the customer interact with any third-party certification autho ⁇ ty.
  • the support for SSL may be incorporated into software already in use by the customer, e.g., the Netscape Navigator World Wide Web browsing tool.
  • a computer on an SSL connection may initiate a second SSL connection to another computer
  • a drawback to the SSL approach is each SSL connection supports only a two-computer connection Therefore, SSL does not provide a mechanism for transmitting encoded information to a merchant for retransmission to a payment gateway such that a subset of the information is readable to the payment gateway but not to the merchant
  • SSL allows for robustly secure two-party data transmission, it does not meet the ultimate need of the electronic commerce market for robustly secure three party data transmission.
  • VeriFone supports over fourteen hundred different payment-related applications.
  • the large number of applications is necessary to accommodate a wide variety of host message formats, diverse methods for communicating to a variety of hosts with different dial-up and direct-connect schemes, and different certification around the world.
  • POS Point of Sale
  • business processes that dictate how a Point of Sale (POS) terminal queries a user for data and subsequently displays the data.
  • various vertical market segments such as hotels, car rental agencies, restaurants, retail sales, mail sales / telephone sales require interfaces for different types of data to be entered, and provide different discount rates to merchants for complying with various data types.
  • report generation mechanisms and formats are utilized by merchants that banking organizations work with.
  • Banks are unwilling to converge on "standards" since convergence would facilitate switching from one acquiring bank to another by merchants.
  • banks desire to increase the cost that a merchant incurs in switching from one acquiring bank to another acquiring bank. This is accomplished by supplying a merchant with a terminal that only communicates utilizing the bank's proprietary protocol, and by providing other value-added services that a merchant may not be able to obtain at another bank.
  • Internet-based payment solutions require additional security measures that are not found in conventional POS terminals. This additional requirement is necessitated because Internet communication is done over publicly-accessible, unsecured communication line in stark contrast to the private, secure, dedicated phone or leased line service utilized between a traditional merchant and an acquiring bank. Thus, it is critical that any solution utilizing the Internet for a communication backbone, employ some form of cryptography.
  • SET the current state-of-the-art in Internet based payment processing is a protocol referred to as SET. Since the SET messages are uniform across all implementations, banks cannot differentiate themselves in any reasonable way. Also, since SET is not a proper superset of all protocols utilized today, there are bank protocols which cannot be mapped or translated into SET because they require data elements for which SET has no placeholder. Further, SET only handles the message types directly related to authorizing and capturing credit card transactions and adjustments to these authorizations or captures. In a typical POS terminal in the physical world, these messages comprise almost the entire volume of the total number of messages between the merchant and the authorizing bank, but only half of the total number of different message types. These message types, which are used infrequently, but which are critical to the operation of the POS terminal must be supported for proper transaction processing.
  • the Internet was proposed as a communication medium connecting personal computers with specialized reader hardware for facilitating reading and writing to smart cards.
  • the Internet is not a secure communication medium and value transfer was not secured.
  • a solution was necessary to shore up the Internet with secure value transfer processing to facilitate smart card processing over the Internet.
  • support was required to ensure that no third party could hijack a value transfer transaction. This would occur if someone diverted the transaction before it even started.
  • both parties can confirm the other party's identity.
  • the Internet separates the parties with miles of wire.
  • secure transmission of a value transfer protocol transaction is provided between a plurality of computer systems over a public communication system, such as the Internet.
  • a connection is created between two computer systems using a public network, such as the Internet, to connect the computers.
  • digital certificates and a digital signature are exchanged to ensure that both parties are who they say they are.
  • the two smart cards involved in a transaction are read by individual computers connected utilizing the network, and the value transfer protocol is executed over the secured network.
  • the value transfer protocol facilitates the exchange of money between the two smart cards.
  • Figure 1A is a block diagram of a representative hardware environment in accordance with a preferred embodiment
  • Figure IB depicts an overview in accordance with a preferred embodiment
  • Figure IC is a block diagram of the system in accordance with a preferred embodiment
  • FIG. 2 depicts a more detailed view of a customer computer system in communication with merchant system under the Secure Sockets Layer protocol in accordance with a preferred embodiment
  • Figure 3 depicts an overview of the method of securely supplying payment information to a payment gateway in order to obtain payment authorization in accordance with a preferred embodiment
  • Figure 4 depicts the detailed steps of generating and transmitting a payment authorization request in accordance with a preferred embodiment
  • FIGS. 5A through 5F depict views of the payment authorization request and its component parts m accordance with a preferred embodiment
  • Figures 6A and 6B depict the detailed steps of processing a payment authorization request and generating and transmitting a payment authorization request response in accordance with a preferred embodiment
  • Figures 7A through 7J depict views of the payment authorization response and its component parts in accordance with a preferred embodiment
  • Figure 8 depicts the detailed steps of processing a payment authorization response in accordance with a preferred embodiment
  • Figure 9 depicts an overview of the method of securely supplying pavment capture information to a payment gateway in accordance with a preferred embodiment
  • Figure 10 depicts the detailed steps of generating and transmitting a payment capture request in accordance with a preferred embodiment
  • FIGS 11 A through 1 IF depict views of the payment capture request and its component parts in accordance with a preferred embodiment
  • FIGS. 12A and 12B depict the detailed steps of processing a payment capture request and generating and transmitting a payment capture request response in accordance with a preferred embodiment
  • FIGS. 13A through 13F depict views of the payment capture response and its component parts in accordance with a preferred embodiment
  • Figure 14 depicts the detailed steps of processing a payment capture response in accordance with a preferred embodiment
  • Figure 15A fit 15B depicts transaction processing of merchant and consumer transactions in accordance with a preferred embodiment
  • Figure 16 illustrates a transaction class hierarchy block diagram in accordance with a preferred embodiment
  • Figure 17 shows a typical message flow between the merchant, vPOS terminal and the Gateway in accordance with a preferred embodiment
  • Figures 18A-E are block diagrams of the extended SET architecture in accordance with a preferred embodiment
  • FIG. 19 is a flowchart of vPOS merchant pay customization in accordance with a preferred embodiment
  • FIGS. 20A-20H are block diagrams and flowcharts setting forth the detailed logic of thread processing in accordance with a preferred embodiment
  • FIG. 21 is a detailed diagram of a multithreaded gateway engine m accordance with a preferred embodiment
  • Figure 22 is a flow diagram in accordance with a preferred embodiment
  • Figure 23 illustrates a Gateway's role in a network m accordance with a preferred embodiment
  • FIG. 24 is a block diagram of the Gateway in accordance with a preferred embodiment
  • Figure 25 is a block diagr ⁇ un of the vPOS Terminal Architecture m accordance with a preferred embodiment
  • Figure 26 is an architecture block diagram in accordance with a preferred embodiment
  • FIG. 27 is a block diagram of the payment manager architecture in accordance with a preferred embodiment
  • Figure 28 is a Consumer Payment Message Sequence Diagram m accordance with a preferred embodiment of the invention.
  • Figure 29 is an illustration of a certificate issuance form in accordance with a preferred embodiment
  • Figure 30 illustrates a certificate issuance response in accordance with a preferred embodiment
  • Figure 31 illustrates a collection of payment instrument holders in accordance with a preferred embodiment
  • Figure 32 illustrates the default payment instrument bitmap in accordance with a preferred embodiment
  • Figure 33 illustrates a selected payment instrument with a fill in the blanks for the cardholder in accordance with a preferred embodiment
  • Figure 34 illustrates a coffee purchase utilizing the newly defined VISA car ⁇ in accordance with a preferred embodiment of the invention
  • Figure 35 is a flowchart of conditional authorization of payment in accordance with a preferred embodiment
  • Figures 36-48 are screen displays in accordance with a preferred embodiment
  • Figure 49 shows how the vPOS authenticates an incoming response to a request in accordance with a preferred embodiment
  • Figure 50 is a flowchart for the merchant interaction with the Test Gateway in accordance -with a preferred embodiment
  • FIGS. 51-61 are flowcharts depicting the detailed logic oi the gateway in accordance with a preferred embodiment
  • Figure 62 is the main administration display for the Gateway in accordance with a preferred embodiment
  • Figure 63 is a configuration panel in accordance with a preferred embodiment.
  • Figure 64 is a host communication display for facilitating communication between the gateway and the acquirer payment host in accordance with a preferred embodiment
  • Figure 65 is a Services display in accordance with a preferred embodiment
  • Figure 66 is a graphical representation of the gateway transaction database in accordance with a preferred embodiment.
  • Figure 67 illustrates a payment architecture in accordance with a preferred embodiment.
  • FIG. 1A illustrates a typical hardware configuration of a workstation in accordance with a preferred embodiment having a central processing unit 10, such as a microprocessor, and a number of other units interconnected via a system bus 12.
  • the workstation shown in Figure 1A includes a Random Access Memory (RAM) 14, Read Only Memory (ROM) 16, an I/O adapter 18 for connecting peripheral devices such as disk storage units 20 to the bus 12, a user interface adapter 22 for connecting a keyboard 24, a mouse 26.
  • RAM Random Access Memory
  • ROM Read Only Memory
  • I/O adapter 18 for connecting peripheral devices such as disk storage units 20 to the bus 12
  • keyboard 24 for connecting a keyboard 24, a mouse 26.
  • the workstation typically has resident thereon an operating system such as the Microsoft Windows NT or Windows/95 Operating System (OS), the IBM OS/2 operating system, the MAC OS, or UNIX operating system.
  • OS Microsoft Windows NT or Windows/95 Operating System
  • OS/2 IBM OS/2 operating system
  • MAC OS UNIX operating system
  • a preferred embodiment is written using JAVA, C, and the C++ language and utilizes object oriented programming methodology.
  • Object oriented programming (OOP) has become increasingly used to develop complex applications.
  • OOP is a process of developing computer software using objects, including the steps of analyzing the problem, designing the system, and constructing the program.
  • An object is a software package that contains both data and a collection of related structures and procedures.
  • OOP Since it contains both data and a collection of structures and procedures, it can be visualized as a self-sufficient component that does not require other additional structures, procedures or data to perform its specific task. OOP, therefore, views a computer program as a collection of largely autonomous components, called objects, each of which is responsible for a specific task.
  • encapsulation This concept of packaging data, structures, and procedures together in one component or module is called encapsulation.
  • OOP components are reusable software modules which present an interface that conforms to an object model and which are accessed at run-time through a component integration architecture.
  • a component integration architecture is a set of architecture mechanisms which allow software modules in different process spaces to utilize each others capabilities or functions. This is generally done by assuming a common component object model on which to build the architecture.
  • An object is a single instance of the class of objects, which is often just called a class.
  • a class of objects can be viewed as a blueprint, from which many objects can be formed.
  • OOP allows the programmer to create an object that is a part of another object.
  • the object representing a piston engine is said to have a composition-relationship with the object representing a piston.
  • a piston engine comprises a piston, valves and many other components, the fact that a piston is an element of a piston engine can be logically and semantically represented in OOP by two objects.
  • OOP also allows creation of an object that "depends from" another object If there are two objects, one representing a piston engine and the other representing a piston engine wherein the piston is made of ceramic, then the relationship between th ⁇ v two objects is not that of composiuon
  • a ceramic piston engine does not make up a piston engine Rather it is merely one kind of piston engine that has one more limitation than the piston engine; its piston is made of ceramic
  • the object representing the ceramic piston engine is called a de ⁇ ved object, and it inhe ⁇ ts all of the aspects of the object representing the piston engine and adds further limitation or detail to it
  • the object representing the ceramic piston engine "depends from” the object representing the piston engine The relationship between these objects is called mhe ⁇ tance
  • the ceramic piston engine object When the object or class representing the ceramic piston engine inhe ⁇ ts all of the aspects of the objects representing the piston engine, it inhe ⁇ ts the thermal characte ⁇ stics of a standard piston defined in the piston engine class However, the ceramic piston engine object over ⁇ des these ceramic specific thermal characte ⁇ stics, which are typically different from those associated with a metal piston It skips over the o ⁇ ginal and uses new functions related to ceramic pistons Different kinds of piston engines have different characte ⁇ stics, but may have the same underlying functions associated with it (e.g., how many pistons in the engine, ignition sequences, lub ⁇ cation, etc ) To access each of these functions in any piston engine object, a programmer would call the same functions with the same names, but each type of piston engine may have different /over ⁇ ding implementations of functions behind the same name This ability to hide different implementations of a function bemnd the same name is called polymorphism and it greatly simplifies communication among objects
  • an object can represent just about anything in the real world. In fact, our logical perception of the reality is the only limit on determining the kinds of things that can become objects in object-o ⁇ ented software.
  • Some typical catego ⁇ es are as follows Objects can represent physical objects, such as automobiles in a traffic-flow simulation, elect ⁇ cal components in a circuit-design program, count ⁇ es in an economics model, or aircraft in an air-traffic-control system
  • Objects can represent elements of the computer-user environment such as windows, menus or graphics objects.
  • An object can represent an inventory, such as a personnel file or a table of the latitudes and longitudes of cities.
  • An object can represent user-defined data types such as time, angles, and complex numbers, or points on the plane.
  • OOP allows the software developer to design and implement a computer program that is a model of some aspects of reality, whether that reality is a physical entity, a process, a system, or a composition of matter. Since the object can represent anything, the software developer can create an object which can be used as a component in a larger software project in the future.
  • Encapsulation enforces data abstraction through the organization of data into small, independent objects that can communicate with each other. Encapsulation protects the data in an object from accidental damage, but allows other objects to interact with that data by calling the object's member functions and structures. _ Subclassing and inhe ⁇ tance make it possible to extend and modify objects through de ⁇ ving new kinds of objects from the standard classes available in the system. Thus, new capabilities are created without having to start from scratch. Polymorphism and multiple inheritance make it possible for different programmers to mix and match characteristics of many different classes and create specialized objects that can still work with related objects in predictable ways.
  • Class hierarchies and containment hierarchies provide a flexible mechanism for modeling real-world objects and the relationships among them
  • Libraries of reusable classes are useful in many situations, but they also have some limitations.
  • _ Complexity In a complex system, the class hierarchies lor relared classes can become extremely confusing, with many dozens or even hundreds of classes.
  • Flow of control A program w ⁇ tten with the aid of class libraries is still responsible for the flow of control (i.e., it must control the interactions among .all the objects created from a particular library). The programmer nas to decide which functions to call at what times for which kinds of objects.
  • Class libraries are very flexible. As programs grow more complex, more programmers are forced to adopt basic solutions to basic problems over and over again.
  • a relatively new extension of the class library concept is to have a framework of class libraries. This framework is more complex and consists of significant collections of collaborating classes that capture both the small scale patterns and major mechanisms that implement the common requirements and design in a specific application domain. They were first developed to free application programmers from the chores involved in displaying menus, windows, dialog boxes, and other standard user interface elements for personal computers.
  • Frameworks also represent a change in the way programmers think about the interaction between the code they write and code written by others.
  • the programmer called libraries provided by the operating system to perform certain tasks, but basically the program executed down the page from start to finish, and the programmer was solely responsible for the flow of control. This was appropriate for printing out paychecks, calculating a mathematical table, or solving other problems with a program that executed in just one way.
  • event loop programs require programmers to w ⁇ te a lot of code that should not need to be w ⁇ tten separately for every application.
  • the concept of an application framework car ⁇ es the event loop concept further Instead of dealing with all the nuts and bolts of constructing basic menus, windows, and dialog boxes and then making these things all work together, programmers using application frameworks start with working application code and basic user interface elements in place Subsequently, they build from there by replacing some of the gene ⁇ c capabilities of the framework with the specific capabilities of the intended apphcation
  • Application frameworks reduce the total amount of code that a programmer has to w ⁇ te from scratch
  • the framework is really a gene ⁇ c application that displays windows, supports copy and paste, and so on, the programmer can also relinquish control to a greater degree than event loop programs permit.
  • the framework code takes care of almost all event handling and flow of control, and the programmer's code is called only when the framework needs it (e.g , to create or manipulate a prop ⁇ etary data structure)
  • a programmer wnting a framework program not only relinquishes control to the user (as is also true for event loop programs), but also relinquishes the detailed flow of control within the program to the framework This approach allows the creation of more complex systems that work together m interesting ways, as opposed to isolated programs, having custom code, being created over and over again for similar problems.
  • a framework basically is a collection of cooperating classes that make up a reusable design solution for a given problem domain It typically includes objects that provide default behavior (e.g., for menus and windows), and programmers use it by inhe ⁇ ting some of that default behavior and ovemdmg other behavior so that the framework calls application code at the approp ⁇ ate times.
  • default behavior e.g., for menus and windows
  • programmers use it by inhe ⁇ ting some of that default behavior and ovemdmg other behavior so that the framework calls application code at the approp ⁇ ate times.
  • Class libraries are essentially collections of behaviors that you can call when you want those individual behaviors in your program.
  • a framework provides not only behavior but also the protocol or set of rules that govern the ways in which behaviors can be combined, including rules for what a programmer is supposed to provide versus what the framework provides.
  • a preferred embodiment of the invention utilizes HyperText Markup Language (HTML) to implement documents on the Internet together with a general-purpose secure communication protocol for a transport medium between the client and the merchant.
  • HTTP or other protocols could be readily substituted for HTML without undue experimentation.
  • Information on these products is available in T. Berners-Lee, D. Connoly, "RFC 1866: Hypertext Markup Language - 2.0" (Nov. 1995); and R. Fielding, H, Frystyk, T. Berners-Lee, J. Gettys and J.C.
  • HTML Hypertext Transfer Protocol - HTTP/ 1.1: HTTP Working Group Internet Draft
  • HTML documents are SGML documents with generic semantics that are approp ⁇ ate for representing information from a wide range of domains. HTML has been in use by the World-Wide Web global information initiative since 1990. HTML is an application of ISO Standard 8879: 1986 Information Processing Text and Office Systems; Standard Generalized Markup Language (SGML).
  • HTML has been the dominant technology- used in development of Web-based solutions.
  • HTML has proven to be inadequate m the following areas: o Poor performance; o Rest ⁇ cted user interface capabilities; o Can only produce static Web pages; o Lack of interoperability with existing applications and data; and o Inability to scale.
  • Sun Microsystem's Java language solves many of the client-side problems by: o Improving performance on the client side; o Enabling the creation of dynamic, real-time Web applications; and o Providing the ability to create a wide va ⁇ ety of user interface components.
  • Custom "widgets” e.g. real-time stock tickers, animated icons, etc.
  • client-side performance is improved.
  • Java supports the notion of client-side validation, offloading approp ⁇ ate processing onto the client for improved performance
  • Dynamic real-time Web pages can be created.
  • custom UI components dynamic Web pages can also be created.
  • Sun's Java language has emerged as an industry-recognize ⁇ langua e for "programming the Internet.”
  • Sun defines Java as: "a simple, object-onented. dist ⁇ bute ⁇ , interpreted, robust, secure, architecture-neutral, portable, high-performance, muluthreaded, dynamic, buzzword- compliant, general-purpose programming language.
  • Java supports programming for the Internet in the form of platform-independent Java applets.”
  • Java applets are small, specialized applications that comply with Sun s Java Application Programming Interface (API) allowing developers to add ' interactive content ' to Web documents (e g simple animations, page adornments, basic games, etc ) Applets execute within a Java-compatible browser (e g Netscape Navigator) by copying code from the server to client From a language standpoint, Java's core feature set is based on C++ Sun s Java literature states that Java is basically "C++, with extensions from Objective C for more dynamic method resolution
  • ActiveX includes tools for developing animation, 3-D virtual reality, video and other multimedia content
  • the tools use Internet standards, work on multiple platforms, and are being supported by over 100 companies
  • the group s building blocks are called ActiveX Controls, small, fast components that enable developers to embed parts of software in hypertext markup language (HTML) pages
  • ActiveX Controls work with a va ⁇ etv of programming languages including Microsoft Visual C++, Borland Delphi, Microsoft Visual Basic programming system and, in the future, Microsoft's development tool for Java, code named "Jakarta ActiveX Technologies also includes ActiveX Server Framework, allowing developers to create server applications.
  • ActiveX Server Framework allowing developers to create server applications.
  • FIG. IB depicts an overview of the present invention
  • Customer computer system 120 is in communication with merchant computer system 130
  • the customer-merchant session 150 operates under a general-purpose secure communication protocol such as the SSL protocol
  • Merchant computer system 130 is additionally in communication with payment gateway computer system 140
  • a payment gateway is a system that provides electronic commerce services in support of a bank or other financial institution, and that interfaces to the financial institution to support the authorization and capture of transactions
  • the customer-institution session 170 operates under a va ⁇ ant of a secure payment technology such as the SET protocol, as desc ⁇ bed herem, referred to as Merchant-Ongmated Secure Electronic Transactions ( 'MOSET ), as is more fully desc ⁇ bed herein
  • Customer-to-Merchant Communication Figure 2 depicts a more detailed view of customer computer system 120 in communication with merchant system 130 using customer-merchant session 150 operating under the SSL protocol as documented in Freier and incorporated by reference
  • Customer computer system 120 initiates communication with merchant computer system 130 using any well-known access protocol, e.g , Transmission Control Protocol/ Internet Protocol ("TCP/IP")
  • TCP/IP Transmission Control Protocol/ Internet Protocol
  • a desc ⁇ ption of TCP/IP is provided in Information Sciences Institute, Transmission Control Protocol DARPA Internet Program Protocol Specification (RFC 793)" (September, 1981), and Information Sciences Institute, "Internet Protocol DARPA Internet Program Protocol Specification (RFC 791)” (September, 1981).
  • customer computer system 120 acts as a client and merchant computer system 130 acts as a server
  • Customer computer system 120 initiates communication by sending client hello' message 210 to the merchant computer system 130
  • client hello message 210 When a client first connects to a server it is required to send the client hello message 210 as its first message.
  • the client can also send a client hello message 210 in response to a hello request on its own initiative in order to renegotiate the secu ⁇ ty parameters in an existing connection.
  • the client hello message includes a random structure, which is used later in the protocol.
  • the random structure includes the current time and date in standard UNIX 32-bit format according to the sender s internal clock and twenty-eight bytes of data generated by a secure random number generator
  • the client hello message 210 further includes a variable length session identifier If not empty, the session identifier value identifies a session between the same client and server whose secu ⁇ ty parameters the client wishes to reuse.
  • the session identifier may be from an earlier connection, the current connection, or another currently active connection It is useful to specify the current connection if the client only wishes to update the random structures and de ⁇ ved values of a connection It is useful to specify another currently active connection if the client wishes to establish several simultaneous independent secure connections to the same server without repeating the full handshake protocol.
  • Client hello message 210 further includes an indicator of the cryptographic algo ⁇ thms supported b ⁇ the client in order of the client s preference, ordered according to client preference
  • client hello message 210 if merchant computer system 130 wishes to correspond with customer computer system 120, it responds with server hello message 215 If merchant computer system 130 does not wish to communicate with customer computer system 120, it responds with a message, not shown, indicating refusal to communicate
  • Server hello message 215 includes a random structure, which is used later in the protocol
  • the random structure in server hello message 215 is in the same format as, but has contents independent of, the random structure m client hello message 210
  • the random structure includes the current time and date in standard UNIX 32-bit format according to the sender s internal clock and twenty-eight bytes of data generated by a secure random number generator
  • Server hello message 215 further includes a vanable length session identifier
  • the session identifier value identifies a new or existing session between the same client and server Server hello message 215 further includes an indicator of the cryptographic algo ⁇ thms selected from among the algo ⁇ thms specified by client hello message 210, which is utilized in further encrypted communications
  • Merchant computer system 130 transmits a server certificate 220 If transmitted, server certificate 130 enables customer computer system 120 to authenticate the identity of merchant computer system 130
  • server certificate 220 may optionally transmit a server key exchange message 225
  • Server key exchange message 225 identifies a key that mav be used by customer computer system 120 to decrypt further messages sent by merchant computer system 130
  • merchant computer system 130 After transmitting server hello message 215, and optionally transmitting server certificate 220 or server key exchange message 225, merchant computer system 130 transmits a server hello done message 230 and waits for a further response from customer computer system 120
  • Customer computer system 120 optionally transmits client certificate 240 to merchant computer system 130 If transmitted, client certificate 240 enables merchant computer system 130 to authenticate the identity of customer computer system 120 Alternatively, customer computer system 120 may transmit a no-client-certificate alert 245, to indicate that the customer has not registered with any certification autho ⁇ ty.
  • customer computer system 130 may optionally transmit a client key exchange message 250 Client key exchange message 250 identifies a key that may be used by merchant computer system 130 to decrypt further messages sent by customer computer system 120.
  • customer computer system 120 After optionally transmitting client certificate 240, no-client-certificate alert 245 and/or client key exchange message 250, customer computer system 120 transmits a finished message 260
  • customer computer system 120 and merchant computer system 130 have: 1) negotiated an encryption scheme that may be commonly employed in further communications, and 2) have communicated to each other a set of encryption keys that may be used to decrypt further communications between the two computer systems.
  • Customer computer system 120 and merchant computer system 130 may thereafter engage in secure communications 270 with less nsk of interception by third parties.
  • Among the messages communicated by customer computer system 120 to merchant computer system 130 may be messages that specify goods or services to be ordered and payment information, such as a credit card number and related information, collectively referred to as "payment information," that may be used to pay for the goods and/or services ordered.
  • payment information such as a credit card number and related information
  • the merchant In order to obtain payment, the merchant must supply this information to the bank or other payment gateway responsible for the proffered payment method This enables the merchant to perform payment authorization and payment capture
  • Payment authorization is the process by which permission is granted by a payment gateway operating on behalf of a financial institution to authorize payment on behalf of the financial institution. This is a process that assesses transaction nsk, confirms that a given transaction does not raise the account holder s debt above the account s credit limit, and reserves the specified amount of credit.
  • Payment capture is the process that t ⁇ ggers the movement of funds from the financial institution to the merchant s account after settlement of the account
  • An embodiment in accordance with the subject invention allows an acquirer processor to accept transactions from Internet storefronts without alte ⁇ ng a current host environment.
  • the system easily converts payment protocol messages and simultaneously manages transactions from a number of Internet merchant servers As the number of transactions grows, the payment gateway can be scaled to handle the increased business, and it can be configured to work with specific business processes used by the acquirer/ processor Thus, the payment gateway supports Internet processing utilizing payment processing operations.
  • the payment gateway provides support for configu ⁇ ng and installing the Internet payment capability utilizing existing host point-of-sale technology.
  • the payment gateway also provides an intuitive Graphical User Interface (GUI) with support built in to accommodate future payment instruments such as debit cards, electronic checks, electronic cash and micropayments.
  • GUI Graphical User Interface
  • the payment gateway implements secure transactions using RSA public-key cryptography and the MasterCard /Visa Secure Electronic Transaction (SET) protocol.
  • the gateway also provides full functionality for merchant payment processing including authorization, capture, settlement and reconciliation while providing monitor activity with reporting and tracking of transactions sent over the Internet.
  • the payment gateway also implements Internet payment procedures that match current processor business models to ensure consistency for merchants. Handling Internet transactions is destined to become a necessary function for every payment processing system Today, merchants often transmit data received over the Internet inefficiently Some fax the information or waste time keying data into a non-Internet system.
  • Figure 3 depicts an overview of the method of securely supplying payment information to a payment gateway in order to obtain payment authorization.
  • merchant computer system 130 generates a payment authorization request 315 and transmits it to payment gateway computer system 140.
  • payment gateway system 140 processes the payment authorization request, generates a payment authorization response 325 and transmits it to merchant computer system 130.
  • merchant computer system 130 processes payment authorization response 325 and determines whether payment for the goods or services sought to be obtained by the customer has been authorized
  • Figure 4 depicts the detailed steps of generating and transmitting a payment authorization request.
  • Figures 5A through 5F depict views of the payment authorization request and its component parts.
  • merchant computer system 130 creates a basic authorization request 510
  • the basic authorization request is a data area that includes all the information for determining whether a request should be granted or denied. Specifically, it includes such information as the party who is being charged, the amount to be charged, the account number of the account to be charged, and any additional data, such as passwords, needed to validate the charge. This information is either calculated based upon p ⁇ or customer merchandise selection, or provided by the customer over the secure link 270 established in the customer-merchant general-purpose secure communication protocol session.
  • Fig 5A depicts a basic authorization request 510.
  • merchant computer system 130 combines basic authorization request 510, a copy of its encryption public key certificate 515 and a copy of its signature public key certificate 520.
  • Merchant computer system 130 calculates a digital signature 525 for the combined contents of the combined block 530 comp ⁇ sing basic authorization request 510, the encryption public key certificate 515 and the signature public key certificate 520, ⁇ md appends it to the combination of the combined basic authorization request 510, the encryption pubhc key certificate 515 and the signature public key certificate 520.
  • the merchant computer system calculates digital signature 525 by first calculating a "message digest" based upon the contents of the combined basic authorization request 510, the encryption public key certificate 515 and the signature public key certificate 520.
  • a message digest is the fixed-length result that is generated when a variable length message is fed into a one-way hashing function.
  • Message digests help venfy that a message has not been altered because alte ⁇ ng the message would change the digest
  • the message digest is then encrypted using the merchant computer system's 130 digital signature p ⁇ vate key, thus forming a digital signature
  • Figure 5B depicts the combined block 530 formed by function block 420 and containing basic authorization request 510, the encryption public key certificate 515, the signature public key certificate 520, and digital signature 525
  • RK-0 540 is a random encryption key RK- 0 540, denoted as RK-0 Random encryption key RK-0 540 is a symmet ⁇ c encryption key
  • a symmet ⁇ c encryption key is a key characterized by the property that a message encrypted with a symmet ⁇ c key can be decrypted with that same key
  • an asymmet ⁇ c key pair such as a public-key/ p ⁇ vate-key key pair, where a message encrypted with one key of the key pair may only be decrypted with the other key of the same key pair
  • Figure 5C depicts random encryption key RK-0 540
  • merchant computer system 130 encrypts random encryption key RK-0 540 using the public key of payment gateway system 140 to form encrypted random key 560
  • Figure 5E depicts encrypted random key 560
  • the encryption state of encrypted random key 560 is graphically shown by payment gateway public key lock 565, which indicates that encrypted random key 560 is encrypted using the payment gateway public key
  • merchant computer system 130 concatenates encrypted combined block 550 and encrypted random key 560 to form merchant authorization request 315
  • Figure 5F depicts merchant authorization request 315 comp ⁇ sing encrypted combined block 550 and encrypted random key 560
  • merchant computer system 130 transmits merchant authorization request 315 to payment gateway system 140 Payment Authorization Request Processing
  • Figure 6 depicts the detailed steps of processing a payment authorization request and generating and transmitting a payment authorization request response.
  • Function blocks 610 through 630 depict the steps of processing a payment authorization request, while function blocks 635 through 685 depict the steps of generating and transmitting a payment autho ⁇ zauon request response.
  • payment gateway computer system 140 applies its p ⁇ vate key to encrypted random kev 560 contained within received merchant authorization request 315 thereby decrypting it and obtaining a cleartext version of random key RK-0 540.
  • payment gateway computer system 140 applies random key RK-0 540 to encrypted combined block 550, thereby decrypting it and obtaining a cleartext version of combined block 530.
  • Combined block 530 comp ⁇ ses basic authorization request 510, a copy of merchant computer system's 130 encryption public key certificate 515 and a copy of merchant computer system's 130 signature public key certificate 520, as well as merchant digital signature 525
  • payment gateway computer system 140 ve ⁇ fies merchant computer system's 130 encryption public key certificate 515 and merchant computer system's 130 signature public key certificate 520 Payment gateway computer system 140 performs this venfication by making a call to the certification autho ⁇ ties associated with each certificate. If ve ⁇ fication of either certificate fails, payment gateway computer system 140 rejects the authorization request
  • payment gateway computer system 140 validates merchant digital signature 525. Payment gateway computer system 140 performs this validation by calculating a message digest over the contents of the combined hasic authorization request 510, the encryption public key certificate 515 and the signature public key certificate 520 Payment gateway computer system 140 then decrypts digital signature 525 to obtain a copy of the equivalent message digest calculated by merchant computer system 130 in function block 420. If the two message digests are equal, the digital signature 525 is validated. If validation fails, payment gateway computer system 140 rejects the authorization request.
  • payment gateway computer system 140 determines the financial institution for which authorization is required by inspection of basic authorization request 510. Payment gateway computer system 140 contacts the appropriate financial institution using a secure means, e.g, a direct-di ⁇ d modem-to-modem connection, or a proprietary internal network that is not accessible to third parties, and using prior art me ⁇ ins, obtains a response indicating whether the requested payment is authorized.
  • a secure means e.g, a direct-di ⁇ d modem-to-modem connection, or a proprietary internal network that is not accessible to third parties, and using prior art me ⁇ ins, obtains a response indicating whether the requested payment is authorized.
  • Function blocks 635 through 685 depict the steps of generating and transmitting a payment authorization request response.
  • Figures 7A through 7J depict views of the payment authorization response and its component parts.
  • payment gateway computer system 140 creates a basic authorization response 710.
  • the basic authorization request is a data area that includes all the information to determine whether a request was granted or denied.
  • Figure 7A depicts basic authorization response 710.
  • payment gateway computer system 140 combines basic authorization response 710, and a copy of its signature public key certificate 720.
  • Payment computer system 140 calculates a digital signature 725 for the combined contents of the combined block 730 comprising basic authorization response 710 and the signature public key certificate 720, and appends the signature to the combination of the combined basic authorization response 710 and the signature public key certificate 720.
  • the payment gateway computer system calculates digital signature 725 by first calculating a message digest based on the contents of the combined basic authorization response 710 and signature public key certificate 720. The message digest is then encrypted using the merchant computer system's 140 digital signature private key, thus forming a digital signature.
  • Figure 7B depicts the combined block 730 formed in function block 640 and containing basic authorization response 710, the signature public key certificate 720, and digital signature 725.
  • payment gateway computer system 150 In function block 645, payment gateway computer system 150 generates a first symmet ⁇ c random encryption key 740, denoted as RK- 1.
  • Figure 7C depicts first random encryption key RK- 1 740.
  • payment gateway computer system 140 encrypts combined block 730 using random encryption key RK- 1 740 to form encrypted combined block 750.
  • Figure 7D depicts encrypted combined block 750.
  • the encryption state of encrypted combined block 750 is graphically shown by random key lock 755, which indicates that encrypted combined block 750 is encrypted using random key RK- 1 740.
  • payment gateway computer system 140 encrypts random encryption key RK- 1 740 using the public key of merch ⁇ mt computer system 130 to form encrypted random key RK 760.
  • Figure 7E depicts encrypted random key RK- 1 760.
  • the encryption state of encrypted random key 760 is graphically shown by merchant public key lock 765, which indicates that encrypted random key 760 is encrypted using the merchant public key
  • payment gateway computer system 140 In function block 660, payment gateway computer system 140 generates a random capture token 770 Random capture token 770 is utilized in subsequent payment capture processing to associate the payment capture request with the payment authorization request being processed Figure 7F depicts capture token 775.
  • payment gateway computer system 140 In function block 665, payment gateway computer system 140 generates a second symmet ⁇ c random encryption key 775, denoted as RK-2.
  • Figure 7G depicts second r ⁇ uidom encryption key RK-2 775.
  • payment gateway computer system 140 encrypts capture token 770 using random encryption key RK-2 770 to form encrypted capture token 780.
  • Figure 7H depicts encrypted capture token 780.
  • the encryption state of encrypted capture token 780 is graphically shown by random key lock 785, which indicates that encrypted capture token 780 is encrypted using random key RK-2 770.
  • payment gateway computer system 140 encrypts second random encryption key RK-2 775 using its own public key to form encrypted random key RK-2 790.
  • Figure 71 depicts encrypted random key RK-2 790.
  • the encryption state of encrypted random key 790 is graphically shown by payment gateway public key lock 795, which indicates that encrypted random key 790 is encrypted using the payment gateway public key.
  • payment gateway computer system 140 concatenates encrypted combined block 750, encrypted random key RK-1 760, encrypted capture token 780 and encrypted random key RK-2 790 to form merchant authorization response 325.
  • Figure 7J depicts merchant authorization response 325 comprising encrypted combined block 750, encrypted random key RK-1 760, encrypted capture token 780 and encrypted random key RK- 2 790.
  • payment gateway computer system 140 transmits merchant authorization response 325 to merchant system 130.
  • Figure 8 depicts the detailed steps of processing a payment authorization response.
  • merchant computer system 130 applies its private key to encrypted random key
  • RK-1 760 contained within received merchant authorization response 325, thereby decrypting it and obtaining a cleartext version of random key RK- 1 740.
  • merchant computer system 130 applies random key RK- 1 740 to encrypted combined block 750, thereby decrypting it and obtaining a cleartext version of combined block 730.
  • Combined block 730 comprises basic authorization response 710, a copy of payment gateway computer system's
  • merchant computer system 130 verifies payment gateway computer system's 140 signature public key certificate 720. Merchant computer system 130 performs this verification by making a call to the certification authority associated with the certificate. If verification of the certificate fails, merchant computer system 130 concludes that the authorization response is counterfeit and treats it though the authorization request had been rejected.
  • merchant computer system 130 validates payment gateway digital signature 725. Merchant computer system 130 performs this validation by calculating a message digest over the contents of the combined basic authorization request 710 and the signature public key certificate 720. Merchant computer system 130 then decrypts digital signature 725 to obtain a copy of the equivalent message digest calculated by payment gateway computer system 140 in function block 640. If the two message digests are equal, the digital signature 725 is validated. If validation fails, concludes that the authorization response is counterfeit and treats it though the authorization request had been rejected
  • merchant computer system 130 stores encrypted capture token 780 and encrypted random key RK-2 790 for later use in payment capture.
  • merchant computer system 130 processes the customer purchase request in accordance with the authorization response 710. If the authorization response indicates that payment in authorized, merchant computer system 130 fills the requested order. If the authorization response indicates that payment is not authorized, or if merchant computer system 130 determined m function block 830 or 840 that the authorization response is counterfeit , merchant computer system 130 indicates to the customer that the order cannot be filled
  • Figure 9 depicts an overview of the method of securely supplying payment capture information to payment gateway 140 in order to obtain payment capture.
  • merchant computer system 130 generates a merchant payment capture request 915 and transmits it to payment gateway computer system 140.
  • payment gateway system 140 processes the payment capture request 915, generates a payment capture response 925 and transmits it to merchant computer system 130.
  • merchant computer system 130 processes payment capture response 925 and ve ⁇ fies that payment for the goods or services sought to be obt ⁇ uned by the customer have been captured.
  • Figure 10 depicts the det ⁇ dled steps of generatmg and transmitting a payment capture request.
  • Figures 11A through 11F depict views of the payment capture request and its component parts.
  • merchant computer system 130 creates a basic capture request 510.
  • the basic capture request is a data area that includes all the information needed by payment gateway computer system 140 to trigger a transfer of funds to the merchant operating merchant computer system 130.
  • a capture request includes a capture request amount, a capture token, a date, summary information of the purchased items and a Merchant ID (MID) for the particular merchant.
  • Figure 11A depicts basic authorization request 1110.
  • merchant computer system 130 combines basic capture request 1110, a copy of its encryption public key certificate 1115 and a copy of its signature public key certificate 1120.
  • Merchant computer system 130 calculates a digital signature 1125 for the combined contents of the combined block 1130 comprising basic capture request 1110, the encryption public key certificate 1115 and the signature public key certificate 1120, and appends it to the combination of the combined basic capture request 1110, the encryption public key certificate 1115 and the signature public key certificate 1120.
  • the merchant computer system calculates digital signature 1125 by first c ⁇ dculating a message digest over the contents of the combined basic capture request 1110, the encryption public key certificate 1115 and the signature public key certificate 1120.
  • the message digest is then encrypted using the merchant computer system's 130 digital signature private key, thus forming a digital signature.
  • Figure 1 IB depicts the combined block 1130 formed by function block 1020 and containing basic capture request 1110, the encryption public key certificate 1115, the signature public key certificate 1120, and digital signature 1125.
  • merchant computer system 130 generates a random encryption key 1140, denoted as RK-3.
  • Random encryption key RK-3 1140 is a symmetric encryption key.
  • Figure 11C depicts random encryption key RK- 3 1140.
  • merchant computer system 130 encrypts combined block 1130 using random encryption key RK-3 1140 to form encrypted combined block 1150.
  • Figure 11D depicts encrypted combined block 1150.
  • the encryption state of encrypted combined block 1150 is graphically shown by random key lock 1155, which indicates that encrypted combined block 1150 is encrypted using r ⁇ mdom key RK-3 1140.
  • merchant computer system 130 encrypts r ⁇ mdom encryption key RK-3 1140 using the public key of payment gateway system 140 to form encrypted random key 1160
  • Figure HE depicts encrypted random key 1160.
  • the encryption state of encrypted random key 1160 is graphically shown by payment gateway public key lock 1165, which indicates that encrypted random key RK-3 1160 is encrypted using the payment gateway public key.
  • merchant computer system 130 concatenates encrypted combined block 1150, encrypted random key 1160, and the encrypted capture token 780 and encrypted random key RK-2 790 that were stored in function block 850 to form merch ⁇ int capture request 915.
  • Figure 11F depicts merchant capture request 915, comp ⁇ sing encrypted combined block 1150, encrypted random key 1160, encrypted capture token 780 and encrypted random key RK-2 790.
  • merchant computer system 130 transmits merchant capture request 915 to payment gateway system 140.
  • Payment Capture Request Processing Figure 12 depicts the detailed steps of processing a payment capture request and generating and transmitting a payment capture request response.
  • Function blocks 1210 through 1245 depict the steps of processing a payment capture request
  • function blocks 1250 through 1285 depict the steps of generating and transmitting a payment capture request response.
  • payment gateway computer system 140 applies its private key to encrypted random key 1160 contained within received merchant capture request 915, thereby decrypting it and obtaining a cleartext version of random key RK-3 1140.
  • function block 1215 payment gateway computer system 140 applies random key RK-3 1140 to encrypted combined block 1150, thereby decrypting it and obtaining a cleartext version of combined block 1130.
  • Combined block 1130 comprises basic capture request 1110, a copy of merchant computer system's 130 encryption public key certificate 1115 and a copy of merchant computer system's 130 signature public key certificate 1120, as well as merchant digital signature 1125.
  • payment gateway computer system 140 ve ⁇ fies merchant computer system's 130 encryption public key certificate 1115 ⁇ ind merchant computer system's 130 signature pubhc key certificate 1120.
  • Payment gateway computer system 140 performs this ve ⁇ fication by making a call to the certification autho ⁇ ues associated with each certificate. If ve ⁇ fication of either certificate fails, payment gateway computer system 140 rejects the capture request.
  • payment gateway computer system 140 validates merchant digital signature 1125.
  • Payment gateway computer system 140 performs this validation by calculating a message digest over the contents of the combined basic capture request 1110, the encryption public key certificate 1115 and the signature public key certificate 1120. Payment gateway computer system 140 then decrypts digital signature 1125 to obtain a copy of the equivalent message digest calculated by merchant computer system 130 in function block 1020. If the two message digests are equal, the digital signature 1125 is validated.
  • payment gateway computer system 140 rejects the capture request
  • payment gateway computer system 140 applies its p ⁇ vate key to encrypted r ⁇ mdom key RK-2 790 contained within received merchant capture request 915, thereby decrypting it and obtaining a cleartext version of random key RK-2 775
  • payment gateway computer system 140 applies random kev RK-2 775 to encrypted capture token 780, thereby decrypting it and obtaining a cleartext version of capture token 770
  • payment gateway computer system 140 ve ⁇ fies that a proper transaction is being transmitted between capture token 780 and capture request 1110.
  • a capture token contains data that the gateway generates at the time of authorization
  • the encrypted capture token is given to the merchant for storage
  • the merchant returns the capture token to the gateway along with other information required for capture.
  • the gateway compares a message made of the capture request data and the capture token data and transmits this information over a traditional credit/ debit network. If an improperly formatted transaction is detected, payment gateway computer system 140 rejects the capture request
  • payment gateway computer system 140 determines the financial institution for which capture is requested by inspection of basic capture request 1110.
  • Payment gateway computer system 140 contacts the approp ⁇ ate financial institution using a secure means, e.g, a direct-dial modem-to-modem connection, or a propnetary internal network that is not accessible to third parties, and using pnor art means, instructs a computer at the financial institution to perform the requested funds transfer after settlement Payment Capture Response Generation
  • a secure means e.g, a direct-dial modem-to-modem connection, or a propnetary internal network that is not accessible to third parties
  • Function blocks 1250 through 1285 depict the steps of generating and transmitting a payment capture request response.
  • Figures 13A through 13F depict views of the payment capture response and its component parts.
  • payment gateway computer system 140 creates a basic capture response 710.
  • the basic capture request is a data area that includes all the information to indicate whether a capture request was gr ⁇ mted or denied.
  • Figure 13A depicts basic authorization request 1310.
  • payment gateway computer system 140 combines basic capture response 1310, and a copy of its signature public key certificate 1320.
  • Payment computer system 140 c ⁇ dculates a digital signature 1325 for the combined contents of the combined block 1330 comprising basic capture response 1310 and the signature public key certificate 1320, and appends the signature to the combination of the combined basic authorization request 1310 and the signature public key certificate 1320.
  • the payment gateway computer system calculates digital signature 1325 by first calculating a message digest over the contents of the combined basic capture response 1310 and signature public key certificate 720. The message digest is then encrypted using the merchant computer system's 140 digital signature private key, thus forming a digital signature.
  • Figure 13B depicts the combined block 1330 formed by function block 1255 and containing basic capture request 1310, the signature public key certificate 1320, and digital signature 1325.
  • payment gateway computer system 140 generates a symmetric random encryption key 1340, denoted as RK-4.
  • Figure 13C depicts random encryption key RK- 4 1340.
  • payment gateway computer system 140 encrypts combined block 1330 using random encryption key RK-4 1340 to form encrypted combined block 1350.
  • Figure 13D depicts encrypted combined block 1350.
  • the encryption state of encrypted combined block 1350 is graphically shown by random key lock 1355, which indicates that encrypted combined block 1350 is encrypted using random key RK-4 1340.
  • payment gateway computer system 140 encrypts random encryption key RK-4 1340 using the public key of merchant computer system 130 to form encrypted random key RK-4 1360
  • Figure 13E depicts encrypted random key RK-4 1360
  • the encryption state of encrypted random key 1360 is graphically shown by merchant pubhc key lock 1365, which indicates that encrypted random key 1360 is encrypted using the merchant public key
  • payment gateway computer system 140 concatenates encrypted combined block 1350 and encrypted random key RK-4 1360 to form merchant capture response 925
  • Figure 13F depicts merchant capture response 925 rompnsing encrypted combined block 1350 and encrypted random key RK-4 1360
  • payment gateway computer system 140 transmits merch ⁇ uit capttire response 925 to merchant system 130.
  • FIG. 14 depicts the detailed steps of processing a payment capture response
  • merchant computer system 130 applies its p ⁇ vate key to encrypted random key RK-4 1360 contained within received merchant capture response 925, thereby decrypting it and obtaining a cleartext version of random key RK-4 1340
  • function block 1420 merchant computer system 130 applies random key RK-4 1340 to encrypted combined block 1350, thereby decrypting it and obtaining a cleartext version of combined block 1330
  • Combined block 1330 comp ⁇ ses basic capture response 1310, a copy of payment gateway computer system's 140 signature public key certificate 1320, as well as payment gateway digit ⁇ d signature 1325
  • merchant computer system 130 ve ⁇ fies payment gateway computer system's 140 signature pubhc key certificate 1320
  • Merchant computer system 130 performs this ve ⁇ fication by making a call to the certification autho ⁇ tv associated with the certificate If ve ⁇ fication of the certificate fails, merchant computer system 130 concludes that the capture response is counterfeit and raises an error condition
  • merch ⁇ mt computer system 130 validates oayment gateway digital signature 1325.
  • Merchant computer system 130 performs this validation by calculating a message digest over the contents of the combined basic authorization request 1310 and the signature public key certificate 1320
  • Merchant computer system 130 then decrypts digital signature 1325 to obtain a copy of the equivalent message digest calculated by payment gateway computer system 140 in function block 1255.
  • merchant computer system 130 stores capture response for later use in by legacy system accounting programs, e.g to perform reconciliation between the merchant operating merchant computer system 130 and the financial institution from whom payment was requested, thereby completing the transaction
  • legacy system accounting programs e.g to perform reconciliation between the merchant operating merchant computer system 130 and the financial institution from whom payment was requested, thereby completing the transaction
  • the system of the present invention permits immediate deployment of a secure payment technology ⁇ irchitecture such as the SET architecture without first establishing a public-key encryption infrastructure for use by consumers It thereby permits immediate use of SET-comphant transaction processing without the need for consumers to migrate to SET-comphant application software.
  • a Virtu ⁇ d Point of Sale (vPOS) Terminal Cart ⁇ dge is desc ⁇ bed in accordance with a preferred embodiment.
  • the vPOS Terminal Cart ⁇ dge provides payment functionality similar to what a Ve ⁇ Fone POS terminal ("gray box") provides for a merchant today, allowing a merchant to process payments securely using the Internet It provides full payment functionality for a variety of payment instruments.
  • FIG. 15A illustrates a payment processing flow in accordance with a preferred embodiment
  • the payment functionality provided by the vPOS terminal is divided into two mam catego ⁇ es- "Merchant-Initiated" 1510 and "Consumer-Initiated” 1500.
  • Some payment transactions require communication with the Acquirer Bank through the Gateway 1530.
  • the normal flow of a transaction is via the vPOS Cartridge API 1512 to the vPOS C++ API 1514 into the payment protocol layer 1516 which is responsible for converting into the appropnate format for transmission to the Gateway for additional processing and forwarding to existing host payment authorization systems
  • Host legacy format refers to an existing authorization system for credit card approval currently utilized with the VenFone Point of Sale (POS) gray terminals.
  • POS VenFone Point of Sale
  • the output from the payment protocol layer 1516 is transmitted to the authorization processing center via the gateway 1530.
  • These transactions are referred to as “Online Transactions” or “Host Payments.”
  • the transactions that can be done loc ⁇ dly by the merch ⁇ mt without having to communicate with the Acquirer Bank are referred to as "Local Functions and Transactions "
  • Host Payment Functionality These transactions require communication with the final host, either immediately or at a later stage. For example, an Online Authorization-Only transaction, when initiated, communicates with the host immediately.
  • Off-line Autho ⁇ zation-Only transaction is locally authorized by the vPOS terminal without having to communicate with the host, but at a later stage this off-line authorization transaction is sent to the host.
  • this off-line authorization transaction is sent to the host.
  • some transactions have an associated Payment Instrument, while others do not.
  • a preferred embodiment of a vPOS terminal supports va ⁇ ous Payment Instruments.
  • a consumer chooses a payment based on personal preferences.
  • Some o f the Payment Instruments supported include:
  • the table below enumerates the URLs corresponding to the transactions supported by the vPOS Terminal Cart ⁇ dge. Note that the GET method is allowed for all tr ⁇ msactions, however, for transactions that either create or modify information on the merchant server, a GET request returns an HTML page from which the transaction is performed via a POST method
  • This section desenbes the GET ⁇ md POST .arguments that are associated with each transaction URL. It also desc ⁇ bes the results from the GET and POST methods. For URLs that produce any kind of results, the following fields .are present in the HTML document that is returned by the vPOS Terminal Cart ⁇ dge:
  • txnDate Date of the transaction (mm/dd/yy or dd/mm/yy)
  • txnTime Time of the transaction hh:mm:ss GMT or hh mm:ss local merchantld Merchant ID of the merchant using the vPOS terminal terminalld vPOS Terminal Id txnNum Transaction number of the given transaction txnType Type of tiansaction
  • txnAmount Transaction amount that is being authorized, forced posted, voided, etc. poNumber Purchase order number authldentNu Authorization ID number for the transaction m retRefNum Ret ⁇ eval reference number for the given transaction pilnfo Payment instrument information. This vanes for different payment instruments. For ex ⁇ imple, in the case of credit cards, the credit card number (piAcctNumber) and expiration date (piExpDate) are returned.
  • piAcctNumber Payment Instrument account numoer e.g , Visa credit card number piExpDate Expiration date txnAmt Tr ⁇ msaction amount
  • URL Functionality Validates the cardholder's account number for a Sale that is performed at a later stage. The transaction does not confirm the sale to the host, and there is no host data capture The vPOS captures this transaction record and later forwards it to confirm the sale m the Forced Post transaction request GET Arguments: None.
  • POST Results Because the Auth Only transaction modifies data on the merchant server side, the POST method should be used. Using the GET method returns an HTML form that uses the POST method to perform the transaction.
  • POST Arguments piAcctNumber Payment Instrument account number, e g , Visa credit card number piExpDate Expiration date txnAmt Transaction amount
  • /vPOSt/ci/authonly/ URL should be used for customer-initiated transactions.
  • /vPOSt/mi/authonly/ should be used for merch ⁇ t-imtiated transactions.
  • the mrchtBlnceA Merchant balance amount for a given merchant is the difference between the credit and debit amount since the last settlement between the merchant and the acquirer Batch Review
  • URL Functionality Ret ⁇ eves all records from the transaction log or the batch.
  • the GET method ret ⁇ eves the transactions that have been batched in the vPOS terminal for future reconciliation.
  • the batch can be cleared from the vPOS terminal after a manual reconciliation between the acquirer and the vPOS.
  • the batch data is ret ⁇ eved as a set of records and is formatted as a table in the HTML document. The following fields are present in a typic ⁇ il record:
  • nTransType Transaction type nPurchOrderNo Purchase order number szAcctNum Customer's payment instrument account number szExpDate Customer's payment instrument expiration date szTrans.Amt Transaction amount szTransDate Transaction date szTr ⁇ sTime Transaction time szRet ⁇ evalRefN u Transaction's ret ⁇ eval reference number m szAuthld Authorization ID for the tr ⁇ msaction szO ⁇ gAmt Original transaction amount szBatchNum Batch number for the given transaction nCurrencyType Currency in which the tr ⁇ msaction was done
  • the GET method returns a default HTML form that contains the current configuration values.
  • the form can be modified and posted using the /vPOSt/mi/cdt/update/ URL to update the card definition table. Not all fields in the card definition table are editable The following fields are returned in a form to the user:
  • nHostlndex Index into the Host Definition Table or the Acquirer that maps to this card issuer.
  • szPANLo Low end of the PAN P ⁇ mary Account Number
  • szPANHi High end of the PAN range nMaxPANDigit Maximum number of digits in the PAN for this acquirer.
  • the GET method returns a default HTML form that contains the current configuration values.
  • the form can be filled out ⁇ md posted using the /vPOSt/mi/cdt/ update
  • URL Functionality Zeroes out the accumulator totals currently resident in the vPOS termmal.
  • GET Arguments None.
  • GET Results Presents a form that uses the POST method to zero the accumulators.
  • POST Arguments None.
  • POST Results Zeroes the accumulators/ transaction totals in the vPOS terminal.
  • GET Results Presents a form that uses the POST method to clear the batch.
  • POST Results Zeroes the tr ⁇ msactions that comprise the batch in the vPOS termin ⁇ il.
  • URL Functionality Confirms to the host the completion of a sale, and requests for data capture of the transaction. This is used as a follow-up transaction after doing an Authorization (Online or Off-line) tr ⁇ msaction.
  • GET Arguments None.
  • GET Results Returns the HTML form for performing the Forced Post transaction.
  • POST Results On success, pvsTxnNum is presented in the HTML document. On failure, an HTML document is returned that contains the reason for the failure of the transaction.
  • the GET method returns a default HTML form that contains the current configuration values.
  • the form can be modified ⁇ md posted using the /vPOSt/mi/hdt/update URL to update the hosts definition table. Not all fields in the host definition table are editable. The following fields are returned in a form to the user:
  • szTermld Terminal ID for this vPOS termin ⁇ d szMerchld Merchant ID for this vPOS terminal szCurrBatchNu Current batch number existing on the vPOS m szTr ⁇ msNum Reference number for the next transaction in the vPOS transaction log/ batch. This is generated by vPOS and is not editable by the merchant. szTPDU Transport Protocol Data Unit. Required for building the
  • szHostName Name for identifying the host.
  • nHostType Host type nNumAdv Number of off-line transactions that can be piggy-backed at the end of an on-line transaction.
  • HDT Update URL Functionality Updates the vPOS termin ⁇ d configuration data corresponding to the Host Definition Table (HDT).
  • GET Arguments None GET Results: The GET method returns a default HTML form that contains the current configuration values. The form can be filled out ⁇ md posted to the merch ⁇ mt server using the /vPOSt/mi/hdt/update URL to update the host definition table
  • POST Results Resets a Boolean flag on the merchant server that enables transactions to be accepted by the vPOS terminal.
  • POST Results Because the Offline Auth transaction modifies data on the merchant server side, the POST method should be used. Using the GET method returns an HTML form for using the POST method to perform the transaction.
  • POST Arguments piAcctNumber Payment Instrument account number, e g., Visa credit card number piExpDate Expiration date txnAmt Transaction amount
  • URL Functionality Downloads the vPOS configuration information from the host and sets up the vPOS in the event of the configuration data being changed.
  • GET Arguments None GET Results: Retrieves an HTML form that uses the POST method for the parameter download transaction.
  • POST Results Downloads the following parameters from the host and uploads them into the vPOS terminal configuration table. • card /issuer definition table (CDT)
  • va ⁇ ous configuration parameters can be reviewed and modified using the URLs for the desired functionality.
  • URL Functionality Completes a pre-autho ⁇ zation transaction.
  • GET Arguments None
  • GET Results Ret ⁇ eves the HTML form for posting the pre-autho ⁇ zation completion transaction.
  • Reconcile URL Functionality This transaction is done at the end of the day to confirm to the host to start the settlement process for the transactions captured by the host for that particular vPOS batch.
  • POST Results On success, the reconcile function p ⁇ nts any discrepancies m the merchant's batch of transactions and totals vis-a-vis the host's batch of transactions in totals.
  • the output format is a combination of the output of the Batch Review and Accum Review transactions.
  • the vPOS terminal captures the tr ⁇ msaction record for this transaction.
  • URL Functionality- Checks the presence of the host and also the mteg ⁇ ty of the link from the vPOS to the host. GET Arguments: None.
  • POST Results Currently, debit c ⁇ ird based transactions are not supported. The result is an HTML document indicating the success or failure of the host logon operation.
  • the GET method returns a default HTML form that contains the current configuration values corresponding to the vPOS terminal's communication parameters.
  • the form can be filled out and posted to the merchant server using the /vPOSt/mi/cpt/ update URL to update the communications parameter table.
  • the following fields are returned in a form to the user:
  • the GET method returns a default HTML form that contams the current configuration values.
  • the form can be modified and posted to update the communication parameter table POST Arguments:
  • the HTML document returned by the vPOS contains the values set by the merchant.
  • the HTML document contains the reason for the failure of the invocation of the URL
  • the GET method returns a default HTML form that contains the current configuration values.
  • the form c ⁇ be filled out ⁇ md posted using the /vPOSt/mi/tct/update URL to update the terminal configuration table.
  • TCT Update URL Functionality Updates the vPOS terminal configuration data corresponding to the Terminal Configuration Table (TCT) GET Arguments: None
  • the GET method returns a default HTML form that contains the current configuration values
  • the form can be filled out and posted using the /vPOSt/mi/tct/update URL to update the terminal configuration table
  • URL Functionality Permits the merch ⁇ mt and customer to querv a s ven transaction corresponding to a transaction number.
  • GET Results For a given transaction, the URL returns an HTML document If a transaction refers to an older transaction, the transaction's entire history is made a ⁇ a ⁇ lable.
  • the vPOS terminal provides a framework whereby different documents are returned based upon a number of preferences. Currently the language and content-type are supported as preferences
  • Each of the transaction has a set of documents associated with it: form for the payment transaction, GET success, GET failure, POST success, and POST failure
  • the vPOS terminal cartridge has a configuration file that allows the user to specify the content-type as well as the language to be used for a cartridge.
  • the first release of the vPOS terminal cart ⁇ dge supports one content-type and language for each server.
  • vPOSTIn ⁇ t(), vPOSTExecQ and vPOSTShut() are the entry points required for each cart ⁇ dge in accordance with a preferred embodiment.
  • the other functions implement some of the key vPOST cart ⁇ dge functionality.
  • a source listing of the vPOS code is provided below to further accentuate the detailed disclosure of a preferred embodiment
  • This section desc ⁇ bes the format of a record for the transaction log for the vPOST cart ⁇ dge Field Name Field Description
  • nTransType Transaction Type nPurchOrderNo Purchase Order Number szAcctNum Payment Instrument Account number szExpDate Payment instrument expiration date s ⁇ Tr ⁇ msAmt Transaction amount szTransDate Date of transaction (configurable to be mm/dd/yy or dd/mm/yy) szTr ⁇ msTime Time of transaction (configurable to be GMT or local time) szRet ⁇ evalRefNum Ret ⁇ eval reference number szAuthld Authorization ID szOrigAmt O ⁇ ginal tr ⁇ msaction amount szBatchNum Batch number to which this particular transaction belongs in the vPOST batch nCurrencyType Currency InTransNum Transaction number
  • the vPOS provides an interface for transactions which are initiated both by the consumer and the merchant.
  • the merchant initiates a transaction from a Graphical User Interface (GUI) 1550 and all the transactions that are initiated by the consumer are routed by the Merchant WEB Server 1545.
  • GUI Graphical User Interface
  • the Authorization/ Data Capture Module 1560 processes the requests originated by the merchant or the consumer and routes them to the Protocol Module 1565.
  • the Protocol Module is responsible for building the payment protocol request packet (e.g., an SSL-encapsulated ISO 8583 packet) 1570 before sending the request to the Gateway 1579.
  • the Gateway 1579 awaits a response from the Protocol Module 1565, and upon receiving the response, the Gateway 1579 parses the data ⁇ md provides unwrapped data to the Authorization/ Data- Capture Module 1560.
  • the Authorization /Data-Capture Module 1560 analyzes the response and up ates the Transaction Log 1580.
  • the Transaction Log 1580 contains information concerning any successfully completed transactions and the accumulators or the transaction totals
  • the vPOS terminal creates and maintains the Transaction Log 1580
  • the vPOS Configuration Data 1585 contains information which is used to configure the behavior of the vPOS
  • the entire vPOS functionality is thread-safe and hence using the vPOS in a multi- threaded environment does not require any additional interfacing requirements
  • Figures 36-48 are vPOS screen displays in accordance with a preferred embodiment.
  • the different Payment Functionality provided by the vPOS terminal can be divided into two main catego ⁇ es as “Merchant Initiated” and “Consumer Initiated.” Some of these transactions require communication with the Gateway and these transactions are referred to as “Online Transactions.” The transactions which can be done locally to the merchant without having to communicate are referred to as “Local Functions/Transactions.” In order to provide support for many different types of Payment Instruments, the vPOS Payment Functionality have been categorized.
  • Host payment functionality and transactions require communication with the host either immediately or at a later stage.
  • Each of the host financial payment transactions come to this category and require a Payment Instrument.
  • These transactions can be initiated with different types of Payment Instruments which the vPOS terminal supports.
  • An authorization without capture transaction is used to validate the card holder's account number for a sale that needs to be performed at a later stage.
  • the transaction does not confirm a sale's completion to the host, and there is no host data capture in this event.
  • the vPOS captures this transaction record and later forwards it to the host to confirm the sale in a forced post transaction request.
  • An authorization without capture transaction can be initiated both by the consumer and the merchant.
  • a forced post transaction confirms to a host computer that a completion of a sale has been accomplished and requests data capture of the transaction.
  • the forced post transaction is used as a follow-up transaction after doing an authorization (Online or Off-line) transaction
  • the transaction can be initiated only by the merchant
  • the authorization with post transaction is a combination of authorization without capture and forced post transactions This transaction can be initiated both by the consumer and the merchant
  • the offline post transaction is identical to the "authorization without capture” transaction, except that the transaction is locally captured by the vPOS without initiating communication with a host A forced post operation is done as a follow-up operation of this transaction This transaction can be initiated by both the consumer and the merchant
  • the return transaction is used to credit the return amount electronic ⁇ dly to the consumer's account when a purchased merchandise is returned
  • the vPOS captures the return transaction record when the merchandise is returned, and this transaction can be initiated only by the merchant
  • the void transaction cancels a previously completed draft capture transaction
  • the vPOS GUI provides an interface for ret ⁇ evmg a transaction record required to be voided from the batch and passes it to the Authorization/ Data-Capture module after confirmation
  • the batch record is undated to reflect the voided transaction after getting an approval from the gateway This transaction can be initiated only by the merchant
  • the pre-authonzation transaction is identical to the authorization without capture transaction, but the consumers' "open-to-buy" amount is reduced by the pre-autho ⁇ zation amount
  • An example of this type of transaction is the "check-in" transaction m a hotel environment A check-in transaction sends a pre-authonzation request to the host, so that an amount required for the customers' stay in the hotel is reserved
  • the pre-autho ⁇ zation transaction is followed by a pre-autho ⁇ zation complete transaction This transaction can be initiated both by the consumer and the merchant
  • the pre-autho ⁇ zation compk 2 tr ⁇ msaction is done as a follow-up to the pre-authonzation transaction This transaction informs the host of the actual transaction amount
  • the pre- autho ⁇ zation complete transaction amount could be more or less than the pre-authonzation amount
  • An example is the "check-out" transaction in a hotel environment The check-out amount can be less than or more than the check-in amount
  • the adjust transaction is initiated to make a correction to the amount of a previously completed transaction
  • the adjust transaction can be initiated only by the merchant
  • the h administrative transactions do not require any payment instrument
  • the balance inquiry transaction is used for on-line inquiry into the balance of the merchant's account
  • the batch data or the configuration data is not affected by this transaction
  • the reconciliation or close transaction is processed at the end of the day to start the settleme process for the transactions captured by the host for that particular vPOS
  • the host log-on transaction is an administrative transaction which is used to synchronize the vPOS with the host at the start of the day and also initiate a fresh batch at the vPOS termina
  • the parameters download transaction is used to download the vPOS configuration informatio from the host and set-up the vPOS in the event of any change in the configuration data
  • a te transaction is used to detect the presence of a host and the status of a link from the vPOS to the nost
  • the totals or accumulators review is a local information inquiry function and is used to ret ⁇ eve the local (merchant's) totals
  • the detail transaction or the batch review function is used to retneve all the records from the transaction log or the batch
  • the clear batch function is used to start a fresh batch This transaction is utilized to electronically reconcile the vPOS with the host an to manually reconcile the vPOS with the host After completing the manual reconciliation processing, the merchant can initiate this transaction to start a fresh batch
  • the clear accumulator function is similar to the clear batch functionality and resets all vPOS terminal accumulators to zero This function is required when the merchant is not able to reconcile the vPOS with the host eiectronicalh
  • the vPOS unlock or start transaction is a local function used to start the vPOS at the start of the day
  • the vPOS lock or stop function is used to Lock or stop the vPOS from accepting any transactions.
  • the vPOS configuration setup function is used to setup the vPOS configuration data
  • the vPOS configura ⁇ on data is divided into different tables, for example, the Card/ Issuer Definition Table (CDT), the Host/ Acquirer Definition Table (HDT), the Communications Parameters Table (CPT) and the Termmal Configuration Table (TCT) The following sections expl ⁇ un each of these configuration tables in detail
  • HDT Host Definition Table
  • the table contains information specific to the acquirer
  • Terminal Identifier ANS(20) Termmal ID for this acquirer/ host
  • Host Name or ANS(20) Name for identifying the host e g , "AMEX-SIN" Label This is only a text st ⁇ ng and is used for the purpose of identifying the host.
  • the following fields specify whether Data Capture Required for a particular transaction for this acquirer.
  • Host Protocol Type 1(2) Host Protocol type, e.g., ISO 8583, SET, etc.,
  • Host Protocol Sub- 1(2) Sub protocol type, e.g., AMEX-IS08583, Type MOSET, etc.,
  • PAN Low Range N(19) Low end of the PAN range .
  • Minimum PAN 1(2) The minimum number of digits in the PAN for digits this acquirer.
  • Card Label ANS(20) Card Issuer Name for identification, e.g., VISA.
  • the following fields specify whether a particular transaction is allowed for a card range.
  • This table contains communications parameters information specific to an acquirer
  • the HDT and this table have a one-to-one mapping between them
  • P ⁇ mary Address AN(100) Primary Host Address (Telephone number, IP address, etc )
  • This table contams information specific to a particular vPOS terminal
  • the vPOS terminal supports different Payment Instruments ⁇ md each of the Payment Functions desc ⁇ bed above can be initiated by these different Payment Instruments
  • the consumer making a purchase from a merchant provides a choice of payment methods depending upon their personal preference.
  • the Payment Instrument Class Hierarchy which is used by the different vPOS terminal Payment Functions is described below
  • FIG. 17 shows a typical message flow between the consumer, merchant, vPOS termin ⁇ d and the Gateway This section desc ⁇ bes the different classes listed in the previous section, their data and members, and defines the type of the transaction that is to be performed Processing commences at 1700 when a merchant server receives a sales order and passes it via the vPOS Graphical User Interfece (GUI) 1710 to an autho ⁇ zer 1720 for approval and subsequent protocol processing 1730 and ultimately transmission via the gateway 1740 to the network
  • GUI Graphical User Interfece
  • CVPCL.HDT Communications Parameters Table
  • CVPCL_TCT Termmal Configuration Parameters
  • CVPCLAccum Accumulator Record
  • This section contains all the host tr ⁇ msaction class definitions.
  • CVPCLHostTrans Host Transaction Class
  • a payment instrument e.g., a Credit Card
  • CVPCLFinancialTrans Data Transaction Amount (CVPCLAmt)
  • CVPCLF ancialTransO EStatus GetTransAmt(CVPCLAmt&); EStatus GetPurchOrderNum(char *);
  • CVPCLFinCCTrans Financial Credit Card Transaction Class
  • CVPCL_CCAuthOnly() EStatus InitializeTrans(TvPOSParamsBlk *);
  • CVPCL_CCAuthCapt() EStatus InitializeTrans(TvPOSParamsBlk *);
  • CVPCL_CCReturn() EStatus InitializeTrans(TvPOSParamsBlk *);
  • CVPCL-CCPreAuth Credit Card Pre-Authorization Transaction Class
  • CVPCL_CCOfllineAuth Data
  • CVPCL_CCVoid Credit Card Void Transaction Class
  • CVPCL_CCVoid Data
  • CVPCL_CCForcedPost This is the class derived from the CVPCLFinCCTrans class and implements the Forced Post Tr ⁇ msaction.
  • Class Name :
  • CVPCL_CCForcedPost Data
  • CVPCL_CCForcedPost() EStatus InitializeTransfTvPOSParamsBlk *); EStatus ExecuteTransfTvPOSResultsBlk *); EStatus ShutDownTransO; EStatus FormBatchRecO ;
  • CVPCL_CCPreAuthComp Pre-Authorization Complete Transaction Class
  • CVPCL_CCPreAuthComp Data
  • CVPCL_CCPreAuthComp() EStatus InitializeTransfTvPOSParamsBlk *); EStatus ExecuteTransfTvPOSResultsBlk *); EStatus ShutDownTransO; EStatus FormBatchRecO;
  • This class is denved from the CVPCLFinCCTrans class and is used to perform the Merchant Balance Inquiry function.
  • CVPCL_CCBalanceInq() EStatus InitializeTransfTvPOSParamsBlk *
  • CVPCLAdminHostTrans Administrative Host Transaction Class This is an abstract base class derived from the CVPCLHostTrans class and is used to derive the administrative host transaction classes.
  • CVPCLAdminHostTransO int GetHostIndex(); EStatus SetHostlndex (const int);
  • This class implements the vPOS Lock or the Stop Local functionality. Under the locked state the vPOS does not accept any tr ⁇ msaction requests.
  • the class is derived from the CVPCLLocalTrans base class. Class Name : CVPCLvPOSLock Data : Member Functions :
  • CVPCLvPOSUnlock This class implements the vPOS UnLock or the Start Local functionality.
  • the class is de ⁇ ved from the CVPCLLocalTrans base class
  • the class is denved from the CVPCLLocalTrans base class.
  • This class is de ⁇ ved from the CVPCLTransDataAdmin base class and implements the batch review functionality Class Name :
  • This class is de ⁇ ved from the CVPCLTransDataAdmin base class and implements the clear batch functionality, which is used to clear the batch in the event of doing a manual reconciliation between the vPOS and the acquirer
  • CVPCLClearBatch Data Member Functions :
  • CVPCLAccumReview This class is denved from the CVPCLTransDataAdmin base class and implements the Accumulators Review function ⁇ ihty Class Name : CVPCLAccumReview Data : Member Functions :
  • CVPCLClearAccum This class is derived from the CVPCLTransDataAdmin base class and implements the Accumulators Clear functionality.
  • the class is derived from the CVPCLLoc ⁇ dTrans base class.
  • CVPCLConfigDataAdmin Data Member Functions :
  • CVPCL_HDTReview This class is derived from the CVPCLConfigDataAdmin class and implements the Host Definition Table Review functionality.
  • Class Name :
  • CVPCL_HDTReview Data Member Functions :
  • CVPCL_CDTReview This class is derived from the CVPCLConfigDataAdmin class and implements the Card Definition Table Review functionality. Class Name : CVPCL_CDTReview
  • CVPCL .CPTReview This class is derived from the CVPCLConfigDataAdmin class and implements the Communications Parameters Table Review functionality.
  • Terminal Configuration Table Review Class fCVPCL-TCTReview This class is derived from the CVPCLConfigDataAdmin class and implements the Terminal Configuration Table Review functionality.
  • CVPCL_TCTReview() Member Functions : CVPCL_TCTReview() ;
  • CVPCLJHDTUpdate This class is derived from the CVPCLConfigDataAdmin class and implements the Host Definition Table Update functionality.
  • CVPCLJHDTUpdate This class is derived from the CVPCLConfigDataAdmin class and implements the Host Definition Table Update functionality.
  • Class Name CVPCLJHDTUpdate
  • This class is de ⁇ ved from the CVPCLConfigDataAdmin class and implements the Communications Parameters Table Update functionality
  • CVPCL_CPTUpdate Data
  • This class is de ⁇ ved from the CVPCLConfigDataAdmin class and implements the Termin ⁇ d Configuration Table Update functionality.
  • This class defines the batch record and the operations which are performed on the batch.
  • CVPCLAcc ⁇ m Accumulator Class
  • TvPOSHDTRec Host Definition Table Record Structure
  • the TvPOSHDTRec structure contains the following fields, typedef struct _vPOSHDTRec ⁇ char sZTermId[); char szMerchId[]; ch ⁇ ir szBatchNum[]; char szTPDUO; char szNII[]; ch ⁇ ix szHostN ⁇ me ⁇ ); EPCLHostProtType HostProtType; EPCLHostProtSubType HostProtSubType; / / Data Capture Required Flags vPOSBool fAuthOnlyDC; vPOSBool fAuthCaptDC; vPOSBool fForcedPostDC; vPOSBool fAdjustDC, vPOSBool fReturnDC; vPOSBool fOfflineAuthDC; vPOSBool fVoidDC,
  • Card Definition Table Class (CVPCL.CDT) This class defines the Card Definition Table record and the operations on the table. Class Name :
  • TvPOSCDTRec Card Definition Table Record Structure
  • the TvPOSCDTRec structure contains the following fields, typedef struct _vPOSCDTRec ⁇ char szPANLo[]; char szPANHi[]; char szCardLabel[j; int nHostlndex; int nMinPAN Digit; int nMaxPANDigit; / / Transaction Allowed Flags vPOSBool fAuthOnlyAllwd; vPOSBool fAuthCaptAllwd; vPOSBool fForcedPostAllwd; vPOSBool fAdjustAllwd; vPOSBool fReturnAllwd; vPOSBool fOfflineAuthAllwd; vPOSBool fVoidAllwd; vPOSBool fPreAuthAllwd; vPOSBool fPre
  • This class defines the communications parameters table and the operations on the table.
  • Class Name :
  • CVPCL_CPT Data Communications Parameters Table Record Structure (TvPOSCPTRec
  • the TvPOSCPTRec structure contains the following fields, typedef struct _vPOSCPTRec
  • This class defines the vPOS terminal configuration parameters table and the operations on the table.
  • TvPOSTCTRec Terminal Configuration Table Record Structure
  • This class defines the ⁇ imount data items and the operations on them.
  • CVPCLAmount Data Amount (char[)) Currency Type (EPCLCurrency) Member Functions :
  • CVPCLAmountO EStatus Initialize(const CPCLAmount&);
  • CPCLBankCard This class is derived from the CPCLPmtlnst class and implements the bank cards class.
  • This class is derived from the CPCLBankCard class and has the same data and the methods as the CPCLBankCard class.
  • Class Name :
  • This class is derived from the CVPCLBankCard class and implements the debit card class.
  • CPCLDebitCard Data Card Holder Encrypted PIN (char[ ]) Member Functions :
  • TvPOSParamsBlk Transaction Parameters Structure
  • TvPOSCPTRec srCPTRec TvPOSTCTRec srTCTRec ;
  • TvPOSResultsBlk Transaction Results Structure
  • TvPOSCDTRec srCDTRec TvPOSCPTRec srCPTRec
  • vPOSInterface This class provides the interface to the vPOS Transaction Class Library.
  • Class Name :
  • This API is used to start and initialize the vPOS.
  • the API definition is disclosed below.
  • API Definition vPOSBool vPOSExecutefTvPOSParamsBlk *, TvPOSResultsBlk *) Parameters :
  • FIG. 25 is a block diagram of the vPOS Terminal Architecture in accordance with a preferred embodiment.
  • the Internet 2500 provides the communicaUon processing necessary to enable the vPOS Terninal architecture.
  • the terminal interface CGI 2520 communicates via the Internet to provide information to the vPOS OLE Server 2550 which formats information in accordance with the vPOS API DLL 2560 which uses the protocol class DLL 2570 to flesh out the message for delivery to the Gateway Server 2580.
  • the collection of the vPOS OLE Server 2550, vPOS API DLL 2560 and the Protocol Class DLL 2570 make up the vPOS Software Development ToolKit (SDK) which ⁇ u-e used to enable vPOS applications for interfacing with an Operator 2540.
  • SDK Software Development ToolKit
  • the architecture of the Virtual Point of Sale (vPOS) and Virtual Gateway (GATEWAY) architecture maintains SET compliance while providing support for additional message types that are not enabled in SET.
  • the architecture includes isolation of cryptographic details in a single module to facilitate single version government approval while maximizing the flexibility of the system for customization and facilitating transfer of updated versions on an acquirer specific basis.
  • FIG. 18 is a block diagram of the extended SET architecture m accordance with a preferred embodiment Processing commences at function block 1800 for a consumer- o ⁇ ginated transaction via the World Wide Web (WWW) or 1810 for a merchant-onginated tr ⁇ msaction on the Internet In either case control passes immediately to the WWW server 1820 for the tr ⁇ msaction to be approp ⁇ ately formatted and the approp ⁇ ate interface page presented, whether the transaction is a store front 1822, shopping cart 1824, pay page 1826, standard terminal administration 1828-1830 transaction, or an extended terminal transaction 1834 If processing requires authentication of the transaction, then control passes through the Virtual Point of Sale (vPOS) Application Programming Interface (API) library 1840 for SET compliant transactions and through the vPOS API extensions library for extensions to the SET protocol Then, at function block 1842, if the transaction is SET compliant, and function block 1864 if the transaction is not SET compliant, a library of protocol stack information is used to conform the message
  • Extended SET messages are processed at the Gateway site on a two track basis with the division c ⁇ te ⁇ a being SET compliance (which will change over time as more functionality is put into SET) or SET extensions.
  • Set compliant messages are processed via the protocol statck library 1862, while SET extensions are processed via the protocol stack entension library 1864.
  • the gateway engine processes SET and Host specific code including gateway administration extensions 1872 that bypass the normal processing and flow directly from the merch ⁇ mt ⁇ md consumer server 1820 to the atewav administration extensions 1872 to the Gateway Engine 1870
  • Standard SET messages are o ⁇ ginated by the merchant software either via a pay page 1826 directly controlled by the consumer, or via an operator interface consisting of a set of HTML pages and associated executables launched by the pages (e g pay page 1826 and standard terminal administration 1828-1830 )
  • Each SET message type (e g. , authorization v capture) transmits a different set of data and each requires a different Protocol Data Unit (PDU) to desc ⁇ be its encoding Examples of how Standard SET messages are encoded are given in the SET documentation previously incorporated by reference
  • PDU Protocol Data Unit
  • the Extended SET messages are utilized as an "escape mechanism" to implement acquirer- specific messages such as settlement/ reconciliation, employee logon/ logoff, and parameter download
  • the messages are developed as a set of name-value pairs encapsulated in a PKCS-7 wrapper and wrapped in Multipurpose Internet Mail Extensions (MIME), desc ⁇ bed in a book by N Borenstem & N Freed, "RFC 1521.
  • MIME Multipurpose Internet Mail Extensions
  • the name-value pairs can have arbitrary (8-bit) data, so arbitrary items can be passed through the extended SET channel, including executable programs and Dynamic Load Libranes (DLL)s
  • Figure 18B illustrates a multipart MIME message with one Extended SET message and one Standard SET authorizing message Mime is utilized as an outer wrapper 1890 to allow an Extended SET message 1891 to be transmitted as a compon of messages embedded in one MIME multipart message In this manner, a standard SET message can be sent with an Extended SET message in one vPOS/GATEWAY communication transaction
  • Extended SET Embedding the Extended SET messages in a PKCS-7 wrapper enables the same message authentication to occur as m st ⁇ mdard SET messages
  • the same mechanism may be used to rest ⁇ ct which entities the vPOS or Gateway will trust m anv communications.
  • An important concept in Extended SET is that all messages, of any tvpe. ⁇ u-e sent in a uniform name /value pair format, thus allowing a single Protocol Data Unit to suffice for ⁇ y type of message sent through the Extended SET channel. Since arbitrary data may be sent this way, a mechanism must be provided to preclude the use of the Extended SET channel by parties other th ⁇ approved financial institutions. If this is not ensured, then the NSA and the US Department of Commerce will not approve the software for export
  • the protocol stack extension library only processes messages that have been signed by a financial institution SET certificate that is in turn signed by a payment instrument brand certificate (such as Visa or MasterCard) Stronger control over the Extended SET channel can be achieved by further rest ⁇ ctmg processing of messages to those signed (either instead of or in addtion to the financial institution SET certificate) by a second certificate belonging to a third-party agency, either governmental or p ⁇ vate (e.g., Ve ⁇ Fone, as manufacturer of the softw ⁇ ire)
  • a third-party agency either governmental or p ⁇ vate (e.g., Ve ⁇ Fone, as manufacturer of the softw ⁇ ire)
  • a particular set of Extended SET messages can be implemented by Bank X, and a different set of messages by Bank Y.
  • a vPOS has an extended terminal transaction interface as shown in Figure 18A at block 1834 for B ⁇ tnk X, and has been configured to only accept messages from a Gateway with Bank X's certificate, then it will be able to communicate those messages to a Gateway that has the certificate for Bank X, and accepts messages of the types in Bank X's message set
  • the vPOS will not be able to connect to the Bank Y gateway, or to any other system that purports to communicate via Extended SET.
  • This rest ⁇ ction is further secured by utdizing a public key certificate that is "hard wired'' into vPOS, and which is dist ⁇ mped only to gateways that use the Extended SET mechanism
  • FIG. 18C is an example flowch ⁇ u-t of message processing in accordance with a preferred embodiment.
  • Processing commences at function block 1880 when a message is received by an HTTPS server or other listener and passed to decision block 1883 to determine if the sending vPOS has transmitted an authentic message and if the vPOS is authorized to communicate with this gateway. If the message is not authentic, then the message is logged as an error ⁇ md the error is h ⁇ mdled as shown in function block 1889. If the message is authentic, then the message is decrypted at function block 1884 and the PDU parses the message into name / value pairs.
  • the remaining message is parsed at function block 1885 and the message is checked for conformance to the approp ⁇ ate specification as shown at decision block 1887. If the message does not conform, then it is logged and the error handled at function block 1889. If the message conforms to the proper specification in decision block 1887 then the message is translated into the approp ⁇ ate host format and sent to the host as shown in function block 1888.
  • a gateway receives an incoming message from a vPOS and parses the Extended SET portion of the message, a single MIME message can transmit a SET message and /or an Extended Set Message.
  • An export license for the encryption can be obtained on a case-by-case basis, and since there will be potentially millions of vPOS's, it is desireable to obtain a commodities ju ⁇ sdiction for the vPOS, to enable a single version of the vPOS (rather than one version for each bank) to be supported by the vPOS architecture
  • the architecture desc ⁇ bed here ensures that the single version of vPOS, no matter how it is configured with extended terminal transaction interfaces, cannot be used to communicate any data other than that contained in the extended SET messages that have been approved for export by the US government to be used exclusively for a specific bank.
  • Figure 18D is an example of a simple message between vPOS and Gateway using the Extended SET channel enabling an employee to sign on, or "logon" to a given terminal in accordance with the subject invention.
  • the message must contain the employee s logon ID, a password to be verified by the bank host computer, and the date and time as shown at 1894.
  • Figure 18E is an example of a simple message between vPOS and Gateway using the Extended SET channel enabling an employee to sign on, or 'logon to a given terminal in accordance with the subject invention.
  • the Gateway may respond with a logon accepted ' message 1894, as depicted in Figure 18E, which vPOS, upon receipt and authentication, then uses to unlock the terminal for that user
  • Figure 49 shows how the vPOS authenticates an incoming response to a request in accordance with a preferred embodiment Processing commences at function block 4930 when a message is received by the HTTPS, SET server, or other listener that o ⁇ gmated the request to which this reponse corresponds The message is passed to decision block 4940 to determine if the sending Gateway has transmitted an authentic message and if the gateway is authorized to communicate with this vPOS If the message is not authentic, then the message is logged as an error or possible attack and the error is handled as shown in function block 4970.
  • the message is decrypted at function block 4950 and the PDU parses the message into name/value pairs Then, based on the message type ⁇ md the extended SET version information, the remaining message is parsed at funchon block 4960 and the message is checked for conformance to the approp ⁇ ate specification as shown at decision block 4980. If the message does not conform, then it is logged and the error handled at function block 4970. If the message conforms to the proper specification in decision block 4980 then the message is translated into a standardized argument stnng to be passed to the approp ⁇ ate executable or code entry point in the vPOS, as shown in function block 4990.
  • the message may cause vPOS to execute a program that takes action or queries the user to take action.
  • the message is verified for origination from the acquirer, and is utilized to either initialize, a merchant action, such as to update the merchant's administration page (for example by blinking a message saying, "PLEASE RE-INITIALIZE YOUR TERMINAL"), or by initiating a request/ response message pair originating from the merchant (for example, "HERE ARE THE CONTENTS OF MY MIB").
  • a merchant action such as to update the merchant's administration page (for example by blinking a message saying, "PLEASE RE-INITIALIZE YOUR TERMINAL")
  • initiating a request/ response message pair originating from the merchant for example, "HERE ARE THE CONTENTS OF MY MIB”
  • Each vPOS contains one or more "serial numbers" unique to each copy of the software (a serial number may be embedded in the software, or may be a component of a public key certificate used in the software). Once a merchant has selected an acquirer and obtained the appropriate certificates, the vPOS can be customized utilizing the communication link and messages containing customization applications.
  • a bank distributes vPOS via different s ⁇ des channels.
  • the first is direct from a bank to an existing merchant with whom the bank already has an existing relationship.
  • a version of vPOS already customized for a bank is sent to the merch ⁇ mt, either directly by a bank, or through a third-party distributor or service bureau.
  • T e customizations may involve modification or replacement of, for example, a store front 1822, shopping c ⁇ irt 1824, pay page 1826, standard terminal administration transaction interface 1828-1830 or an extended terminal transaction interface 1834. This is a standard model of distribution of software that is customized for small target market segments.
  • the more interesting case, and the one that concerns the novel use of the Extended SET channel, is where the potential merchant acquires, through some non-bank channel, a "generic" vPOS which has not yet been customized to interact with a specific bank.
  • This vPOS can communicate with a "test gateway", which the merchant may use to experiment with the various features of vPOS and to test the integration of the vPOS into a tot ⁇ d online storefront.
  • the merchant In order to actually transact business over the Internet, the merchant must first obtain a merchant ID from the merchant bank with which he signs an acquiring agreement. For online payment processing, the merchant must also obtain an appropriate set of digital credentials in the form of public key certificates and possibly additional passwords, depending on the financial institution. Once these credentials are obtained, the merchant is ready to customize the already-obtained vPOS to communicate with a merchant bank's gateway.
  • the built-in "serial number” certificate and the Test Gateway public key certificate (which is "hard-wired" into the vPOS sofware), it is possible to securely download a particular bank's customization applications to a specific copy of the vPOS software .
  • the last stage of customization download is to configure the vPOS so that it only responds to a public key certificate of the merchant's acquirer. This process is illustrated here in the context of a merchant who obtains a vPOS that talks to the VeriFone test gateway, and desires to customize the vPOS to interact with a gateway at a bank.
  • the merchant has purchased a vPOS from a non-bank channel.
  • the version communicates with the VeriFone Test Gateway.
  • the merchant uses the gateway to learn about using vPOS, and to test the integration of his storefront system with his payment system.
  • the merch ⁇ mt ⁇ dso obtains certificates for payment processing from a bank, the merchant bank of choise for the merchant.
  • the merchant is now ready to customize vPOS to talk to the bank gateway.
  • the flowchart for the merchant interaction with the Test Gateway is shown in Figure 50.
  • the merchant begins at function block 5000, where the newly-obtained merchant SET certificates are installed in the vPOS.
  • the merchant then directs the vPOS to connect to the Ve ⁇ Fone Test Gateway, by selecting this option from the vPOS terminal administration home page 5005
  • the choice of this option invokes an extended terminal admin page from the default set of such pages supplied with the gene ⁇ c version of vPOS This program guides the customization process
  • the merchant interacting with the extended terminal admin page, navigates to the list of gateways which is maintained by the Test Gateway, and selects the bank to connect by selecting from the list of b ⁇ mks, at function block 5015 Du ⁇ ng this process, the merchant's public key certificates are uploaded to the Test Gateway, and checked (at decision block 5025) to ve ⁇ fy that the certificates have been signed by the bank to customize the bank for the vPOS If the certificates do not match, the merchant is advised of the situation in function block 5028, and must select a different bank. If the certificates are not valid SET certificates as detected at decision block 5020, the merch ⁇ mt is advised at function block 5028, and the session terminates If the certificates are valid and match the selected bank, customization continues at function block 5030
  • the extended terminal administration progr ⁇ un in vPOS receives a list of the customizations from the Test Gateway that must be performed to speci ⁇ dize the vPOS for a specific bank Some of these customizations are mandatory, while others are optional
  • the vPOS advises the merchant of the customizations, prompting for any choices that must be made by the merch ⁇ mt
  • the merchant's actions at this point d ⁇ ve decision block 5035 in which the vPOS either returns itself to the "gene ⁇ c" state and terminates the interaction, or begins the configuration of the vPOS, depending on the merchant's confirmation of the request to begin the configuration.
  • control is passed to function block 5040 where, the POS storesthe certificates of any gateways that it will allow mture configuration changes to be initiated from in its database This may be only a specific bank, such as a bank and the Test Gateway, or other combinations. If only a single, non-Test, bank-owned, gateway is allowed to download changes, the vPOS is no longer customizable for any other bank Then, a new copy would be purchased by the merchant to have it customized for another bank If the Test Gateway is still allowed to customize the vPOS, the merchant could switch to another merchant bank and have the current vPOS updated to work with the new bank.
  • the POS storesthe certificates of any gateways that it will allow mture configuration changes to be initiated from in its database This may be only a specific bank, such as a bank and the Test Gateway, or other combinations. If only a single, non-Test, bank-owned, gateway is allowed to download changes, the vPOS is no longer customizable for any other bank Then, a new copy would be purchased by the merchant to have it customized for another
  • the customizations are downloaded to the vPOS
  • the downloads comp ⁇ se a set of HTML pages and a set of executable programs or sc ⁇ pts that read data from the merchant, perform v ⁇ mous functions, and present data to the merchant.
  • the customizations downloaded may augment or replace m part or in whole any and all of function blocks 1822, 1824, 1826, 1828, 1830, or 1834 in Figure 18A.
  • the terminal "home page" will be replaced so that it points to the new functionality
  • the customization of the vPOS has been completed, and the merchant may now begin sending payment requests to the merchant bank or processor through the vPOS
  • Thread Safe vPOS - TID Allocation Physical terminals process a single transaction at a time since clerks are usually only able to process one transaction at a time. Web Servers can process many transactions at a time, so payment requests can often occur simultaneously Thus, the vPOS Software must have support for multi-tasking and provide support for multiple threads to be active at the same time in the same system as well as the same process. This requirement is relatively straight forward. However, the authorizing banks require that all transaction requests include a
  • Terminal ID TID
  • ⁇ md Terminal ID
  • the vPOS requires dynamic allocation of TIDs to requestmg threads
  • One way of providmg for multiple TID's is to assign a "base" TID, and either an "extension” (a set of extra digits appended to the base), or an increment (a number which is added to the base to obtain the complete TID). While such a solution can be used for the majo ⁇ ty of banks and processors, not all banks/ processors can accomodate this solution.
  • One ex ⁇ unple is First Data Corporation. For its ENVOY protocol, the termm ⁇ d ID must use the Luhn check as recited in an ISO ransrk, which adds a checksum digit to the the termin ⁇ d ID to reduce ch ⁇ mces of fraud or of mistyped information.
  • a pool of TID's is used.
  • the TID's stored in the pool need not be a sequential set of numbers; in fact they can be alpha/ special/ nume ⁇ c combinations, and the TID's need have no relation to one another.
  • a TID is represented as a token in a pool that can be associated with a particular transaction.
  • the vPOS provides a TID pool in tabular form in a database management system (DBMS).
  • DBMS database management system
  • This table has two colums: TID NAME & Allocation date/time. If the TID date is null, then the TID is not in use and may be assigned. A date/ time field is utilized to ⁇ dlow TID allocations to expire. TID requests ⁇ ire made utilizing a SQL query on the TID Pool to find the first null or expired date/ time, which is replaced with the current date/time and the TID name returned.
  • the unique ⁇ irchtitecture of the Cardholder 120, Merchant 130 and Gateway 140 provides communication capability between the modules utilizing the Internet to support linkages 150 and 170. Since the Internet is so pervasive, and access is available from virtually any computer, utilizing the Internet as the communication backbone for connecting the cardholder, merchant and access to the authorizing bank through a gateway allows the merchant vPOS software to be remotely located from the merchant's premises. For example, the c ⁇ udholder could pay for goods from any computer system attached to the Internet at any location in the world. Similarly, the merchant vPOS system could be located at a central host site where merchant vPOS systems for various merch ⁇ mts all resided on a single host with their separate access points to the Internet.
  • the merchant could utilize ⁇ my other computer attached to the Internet utilizing a SSL or SET protocol to query the remote vPOS system and obtain capture information, payment administration information, inventory control information, audit information and process customer satisfaction information.
  • a merchant can obtain the information necessary to run a business smoothly and avoid hiring IS personnel to maintain the vPOS system.
  • vPOS Multi-Merchant Processing Multiple merchant processing refers to the ability of a plurality of merchants to process their individual vPOS transactions securely on a single computer.
  • the architecture relies on each payment page obtaining the merchant name in a hidden field on the payment page.
  • the vPOS engine receives tl. • merchant name with a particular transaction and synchronizes the processing utilizing a Set Merchant method. This command causes the vPOS API to look up a unique registry tree based on the merchant name.
  • a registry tree contains Card Definition Tables (CDT)s, Acquirer Definition Tables (ADT)s, Merchant Definition Tables (MDT)s, Protocol Configuration Tables (PCT)s, etc.
  • CDT Card Definition Tables
  • ADT Acquirer Definition Tables
  • MDT Merchant Definition Tables
  • PCT Protocol Configuration Tables
  • the CDTs point to specific ADTs since each supported card can be supplied by a distinct acquirer. This is one form of split connection.
  • Each of the ADTs in turn point to PCTs, and some acquirers can support multiple parallel gateways
  • a merchant's name refers to a unique database in the database management system which contains for example, TIDs.
  • the Acquirer Definition Table is que ⁇ ed to ascertain the particular Gateway (VFITest), then if B ⁇ mk of Amenca requires ve ⁇ fication of network communication information, the particular CardDT is accessed with for example VISA The particular merchant will service VISA transactions utilizing a particular acquirer. The particular piece of merchandise will also be detailed in a data base Finally, the merchant Configurations wil 1 also be stored in the database to facilitate E-mail and name lookup
  • vPOS CLIENT The interaction between the vPOS and a client commences when a pay page solicits parameters of a transaction. Then, the parameters are validated to be sure the payment instrument, for example, cardnumber is not null. Then, a transaction object is created, eg. AUTHONLY, and the object is initialized and stuffed with parameters of the transaction, eg. ao.setpan(accnum), and the object is executed This execution invokes the vPOS engine. The vPOS engine further validates the parameters based on the particular merchant's configuration. For ex ⁇ imple, some merchans do not accept Ame ⁇ can Express C ⁇ irds, but will take Visa, and all merchants check the expiration date of the card.
  • a TID is assigned (expi ⁇ ng, existing TIDs) or block a new TID from the TID Pool This generates a STAN, XID, RRPID unique tag and creates an initial record in the transaction database which is flagged as before gateway processing in case the transaction crashes and must be backed out.
  • the protocol parameters are identified in the registry based on card type, ⁇ md a particul ⁇ u" acquirer identified.
  • a protocol object is created and executed to extract results from the protocol object and the before gateway "bit" is flipped to again flag the location of the transaction in the process as it is submitted to the Gateway
  • results received back from the Gateway are placed into a transaction object with is reported back to the pay page and ultimatey back to the pay page user
  • a novel feature of the vPOS software provides payment page customization based on a merchant's preferences This feature automatically lists cards that are accepted by a particular merchant based on the active terminal configuration Each approved card for a particular merchant is linked to the display via an URL that provides a pointer to the credit card information supported by the merchant. Each card has an entry in a data structure referred to as the Card Definition Table (CDT)
  • CDT Card Definition Table
  • FIG. 19 illustrates the logic utilizing a flowchart, and a listing of the source code below Processing commences at terminal 1900 and immediately flows to function block 1910 where an index va ⁇ able is miti ⁇ dized for stepping through each of the accepted payment instruments for the merchant's page Then, at function block 1930, a URL key is obtained associated with the current merchant pay page and index value.
  • the URL key is a registry key name that points to a picture of a credit card that the merchant has associated with the pay page and which the merchant accepts as payment.
  • the card image associated with the URL key is obtained ⁇ md displayed on the termmal
  • the CDT entry is obtained at function block 1950 utilizing the URL key.
  • the CDT is utilized for sto ⁇ ng information associated with each card Then, at decision block 1960, a test is performed to determine if the last payment method card has been processed and displayed on the merchant display If not, then the index is incremented at function block 1920 and the loop reiterated to process the next card at function block 1930 If all the cards have been processed, then control is returned to the merch ⁇ mt program for processing the transaction at terminal 1970.
  • Figures 20 A through 20H are block diagrams and flowcharts setting forth the detailed logic of thread processing in accordance with a preferred embodiment
  • Figure 20A illustrates a p ⁇ or art approach to POS processing utilized in most grocery stores and department stores today
  • POS Terminal 2001 accepts transactions provided to it one at a time by customers 2000
  • POS Terminal 2001 builds a transaction request 2002 and transmit it to acquiring bank 2004 over communications link 2003
  • Figure 20B is a data structure 2002 representing a POS transaction request in accordance with a preferred embodiment
  • the data structure 2002 includes a TID field 2005, which identifies the physical terminal from which the transaction originates
  • the data structure also includes other data 2006 necessary to process a transaction
  • This data includes such fields as a transaction type, a transaction amount, a currency type (such as U S dollars), credit card account number, credit card expiration date, etc
  • Figure 20C illustrates a vPOS architecture with account requests being processed by a single acquiring bank vPOS 2007 processes a plurality of customers 2000 concurrently For each such customer 2000, vPOS 2007 builds a data structure 2010, representing the transaction to be performed for that customer Each data structure 2010 contains a unique "virtual terminal" ID vPOS 2007 selects a virtual terminal ID using database 2008 For each data structure 2010, vPOS 2007 initiates communication with acquiring bank 2004 using communication link 2003
  • FIG 20D is a data structure 2010 representing a vPOS transaction request in accordance with a preferred embodiment
  • the data structure 2010 includes a TID field 2012, which identifies a virtual terminal ID associated with a particular transaction
  • the data structure also includes other data 2006 necessary to process a transaction
  • This data includes such fields as a transaction type, a transaction amount, a currency type (such as U S dollars), credit card account number, credit card expiration date, etc
  • Figure 20E illustrates a TID allocation database 2008 in accordance with a preferred embodiment
  • Database 2008 includes a TID allocation table 2011
  • TID allocation table 2011 includes a plurality of rows, one for each TID used by each acquiring bank One such row 2013 is illustrated in detail
  • Row 2013 includes a good/service order (GSO) identifier 2014.
  • GSO good/service order
  • row 2013 may optionally include other fields 2017 that may be used in conjunction ith the order processing
  • a null GSO value indicates that the 1 ID/Acquirer combination is not currently in use
  • FIGS 20F through 20H are flowcharts of the detailed logic used to perform virtual terminal ID allocation
  • FIG 20F illustrates the main line operation of virtual TID allocation
  • execution begins
  • step 2021 a skeletal transaction request structure is prepared
  • step 2022 the main line routine obtains a virtual TID for inclusion within the transaction request structure, as will be more fully disclosed with reference to Figure 20G, below
  • step 2023 the routine verifies that a TID was obtained. If the TID was not obtained, for example, if more transactions are currently being processed than there are TIDs, then execution continues to step 2024 In step 2024. the transaction request is put on a queue for future processing
  • the routme waits for a transaction process to end. which would free up a TID in use At that point, control resumes from step 2022, and the routine again attempts to obtain a TID
  • step 2026 the routme submits the transaction to the acquiring bank.
  • step 2027 the transaction ii orocessed
  • step 2028 the routine makes a database call to free up the TID that was used in the transaction
  • Figure 20G depicts in detail the process of obtaining a TID from the database. Execution begins in step 2040.
  • step 2041 the routine constructs a database call to reserve a TID for processing, for example, by constructing an SQL statement to retrieve a TID row from the database
  • step 2042 the routine executes the database call that was constructed in step 2041.
  • step 2043 the routine constructs a second database c.»ll to extract the TID from the row that was reserved in step 2042.
  • step 2044 the database call constructed in step 2043 is executed to obtain the TID.
  • step 2045 a return code is checked to verify whether the TID was successfully obtained If the TID was successfully obtained, control proceeds to step 2046, which returns to the calling program. If, however the TID was not obtained, control proceeds to step 2047 In step 2047, the routine checks to see whether an excessive number of retries have already been attempted. If there have been an excessive number of retries, control proceeds to step 2048, which exits with an error indication. If there has not been an excessive number of retries, control proceeds once again to step 2043 to retry the extraction operation.
  • Figure 20H depicts the operation of releasing a TID that had been used in a prior transaction.
  • Execution begins in step 2060.
  • the routine constructs a database call to update the row for the selected TID so that the value for the good and service order is null, thereby indicating that the selected TID is not associated with any good or service order, and is therefore free for reuse.
  • the routine executes the SQL statements constructed in step 2062. thereby releasing the TID for use in future transactions.
  • the routine returns to the calling program.
  • a source code listing for the transaction request processing is provided below m accordance with a preferred embodiment.
  • HKEY hCardsKey / /To enumerate cards long retCode; mt nNoCards,

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Stored Programmes (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP97936382A 1996-07-31 1997-07-31 System,verfahren und hergestellter gegenstand für gesicherte,gespeicherte geldwert transaktionen über ein offenes kommunikationsnetwerk mit ausdehnbarer,flexibler architektur Ceased EP0923769A2 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US69290796A 1996-07-31 1996-07-31
PCT/US1997/013673 WO1998005011A2 (en) 1996-07-31 1997-07-31 A system, method and article of manufacture for secure, stored value transactions over an open communication network utilizing an extensible, flexible architecture
US692907 2003-10-23

Publications (1)

Publication Number Publication Date
EP0923769A2 true EP0923769A2 (de) 1999-06-23

Family

ID=24782536

Family Applications (1)

Application Number Title Priority Date Filing Date
EP97936382A Ceased EP0923769A2 (de) 1996-07-31 1997-07-31 System,verfahren und hergestellter gegenstand für gesicherte,gespeicherte geldwert transaktionen über ein offenes kommunikationsnetwerk mit ausdehnbarer,flexibler architektur

Country Status (3)

Country Link
EP (1) EP0923769A2 (de)
AU (1) AU3906497A (de)
WO (1) WO1998005011A2 (de)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6353812B2 (en) * 1998-02-19 2002-03-05 Certco, Inc. Computer-based method and system for aiding transactions
US7240022B1 (en) 1998-05-19 2007-07-03 Mypoints.Com Inc. Demographic information gathering and incentive award system and method
US6738749B1 (en) * 1998-09-09 2004-05-18 Ncr Corporation Methods and apparatus for creating and storing secure customer receipts on smart cards
FI106495B (fi) * 1999-04-12 2001-02-15 Nokia Mobile Phones Ltd Verkkoelementti
AU5598800A (en) * 1999-06-21 2001-01-09 Sun Microsystems, Inc. Method and apparatus for commercial transactions via the internet
US6643701B1 (en) * 1999-11-17 2003-11-04 Sun Microsystems, Inc. Method and apparatus for providing secure communication with a relay in a network
US6714982B1 (en) 2000-01-19 2004-03-30 Fmr Corp. Message passing over secure connections using a network server
US7024386B1 (en) 2000-06-23 2006-04-04 Ebs Group Limited Credit handling in an anonymous trading system
US6983259B1 (en) 2000-06-23 2006-01-03 Ebs Group Limited Anonymous trading system
GB2364586B (en) 2000-06-23 2004-06-16 Ebs Nominees Ltd Deal matching in an anonymous trading system
US7366690B1 (en) 2000-06-23 2008-04-29 Ebs Group Limited Architecture for anonymous trading system
US7184982B1 (en) 2000-06-23 2007-02-27 Ebs Group Limited Architecture for anonymous trading system
US7827085B1 (en) 2000-06-23 2010-11-02 Ebs Group Limited Conversational dealing in an anonymous trading system
US7333952B1 (en) 2000-06-23 2008-02-19 Ebs Group Limited Compound order handling in an anonymous trading system
AU2003261299A1 (en) 2002-07-30 2004-02-16 Acs State And Local Solutions, Inc. Systems and methods for processing benefits
US7587434B2 (en) 2002-10-01 2009-09-08 Acs State & Local Solutions, Inc. Method and system for managing a distributed transaction process
US8340979B2 (en) 2002-10-01 2012-12-25 Acs State & Local Solutions, Inc. Systems and methods for electronically processing government sponsored benefits
US8489742B2 (en) 2002-10-10 2013-07-16 Convergys Information Management Group, Inc. System and method for work management
US8577795B2 (en) 2002-10-10 2013-11-05 Convergys Information Management Group, Inc. System and method for revenue and authorization management
US7668093B1 (en) 2004-08-05 2010-02-23 Convergys Information Management Group, Inc. Architecture for balancing workload
US7590980B1 (en) 2004-06-14 2009-09-15 Convergys Cmg Utah, Inc. System and method for a functional extensibility framework
SG11201403861XA (en) 2012-01-05 2014-08-28 Visa Int Service Ass Data protection with translation
CN112419582A (zh) * 2020-09-25 2021-02-26 浪潮金融信息技术有限公司 一种基于bs架构读取社保卡信息的方法、读卡装置及医疗自助设备

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4625276A (en) * 1983-08-31 1986-11-25 Vericard Corporation Data logging and transfer system using portable and resident units
US5557518A (en) * 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
US5521966A (en) * 1993-12-14 1996-05-28 At&T Corp. Method and system for mediating transactions that use portable smart cards
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9805011A3 *

Also Published As

Publication number Publication date
WO1998005011A3 (en) 1998-05-07
AU3906497A (en) 1998-02-20
WO1998005011A2 (en) 1998-02-05

Similar Documents

Publication Publication Date Title
US6373950B1 (en) System, method and article of manufacture for transmitting messages within messages utilizing an extensible, flexible architecture
US6253027B1 (en) System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture
US6363363B1 (en) System, method and article of manufacture for managing transactions in a high availability system
US5983208A (en) System, method and article of manufacture for handling transaction results in a gateway payment architecture utilizing a multichannel, extensible, flexible architecture
US6178409B1 (en) System, method and article of manufacture for multiple-entry point virtual point of sale architecture
US6324525B1 (en) Settlement of aggregated electronic transactions over a network
US6163772A (en) Virtual point of sale processing using gateway-initiated messages
US5850446A (en) System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible architecture
US6119105A (en) System, method and article of manufacture for initiation of software distribution from a point of certificate creation utilizing an extensible, flexible architecture
US6072870A (en) System, method and article of manufacture for a gateway payment architecture utilizing a multichannel, extensible, flexible architecture
US6304915B1 (en) System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser
US5987132A (en) System, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture
US6002767A (en) System, method and article of manufacture for a modular gateway server architecture
US5943424A (en) System, method and article of manufacture for processing a plurality of transactions from a single initiation point on a multichannel, extensible, flexible architecture
US5889863A (en) System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture
US5978840A (en) System, method and article of manufacture for a payment gateway system architecture for processing encrypted payment transactions utilizing a multichannel, extensible, flexible architecture
US5996076A (en) System, method and article of manufacture for secure digital certification of electronic commerce
US20030140007A1 (en) Third party value acquisition for electronic transaction settlement over a network
WO1997049072A9 (en) A system, method and article of manufacture for processing a plurality of transactions from a single initiation point on a multichannel, extensible, flexible architecture
EP0923769A2 (de) System,verfahren und hergestellter gegenstand für gesicherte,gespeicherte geldwert transaktionen über ein offenes kommunikationsnetwerk mit ausdehnbarer,flexibler architektur
WO1997049070A9 (en) System and method for transmitting messages
WO1997049053A9 (en) A system, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture
US6061665A (en) System, method and article of manufacture for dynamic negotiation of a network payment framework
WO1997049050A9 (en) A system, method and article of manufacture for managing transactions in a high availability system
EP0935785A2 (de) System, verfahren und hergestellter gegenstand zur verwaltung von transaktionen in einem system mit hoher verfügbarkeit

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990224

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB IE

17Q First examination report despatched

Effective date: 20001025

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: HEWLETT-PACKARD COMPANY

GRAG Despatch of communication of intention to grant

Free format text: ORIGINAL CODE: EPIDOS AGRA

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20020725