Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q30/00—Commerce
  • G06Q30/06—Buying, selling or leasing transactions
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/04—Payment circuits
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/08—Payment architectures
  • G06Q20/12—Payment architectures specially adapted for electronic shopping systems
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
  • G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
• • G06Q50/60—

Definitions

• the present invention relates to the field of commercialization for business transactions. More particularly, the present invention relates to the problem of securely and efficiently using a telephone calling card as a credit card for business transactions.
• eCash is a software-based payment system that allows users to make electronic payments from any computer to any other computer over any computer network including the Internet.
• An eCash purchase requires three participants - a buyer, a seller, and a bank. Initially, the buyer withdraws digital coins, or eCash, from her bank account. The digital coins are in fact messages having strings of digits with each digital string corresponding to a
• Patent No. 4,949,380 entitled "Returned-Value Blind Signature Systems”.
• One drawback of this system is that in order to make a purchase both the buyer and the seller must have accounts on the eCash system. This drawback may be particularly chilling in that the impulse to buy an item or service may not survive the time it takes for a consumer to sign up with such a system.
• Another drawback is that each purchase requires processing by an intermediary, e.g., a bank, before the purchase is deemed completed.
• MilliCent is another software based payment system primarily designed for content-based Internet commerce.
• the MilliCent system is based on the use of "scrip".
• Scrip is a pre-paid electronic coupon that essentially replaces cash for purchases.
• Scrip is issued by brokers, that act as intermediaries between consumers and vendors, or by vendors. Basically, a consumer, by way of a credit card, for example, buys vendor specific scrip, i.e., that scrip can only be used to purchase content from a particular vendor, either from a broker or vendor, and then uses the scrip to make purchases.
• the MilliCent system does not require user accounts it also has drawbacks. For one, each user must subscribe and use MilliCent software.
• scrip is vendor specific thereby limiting the flexibility of the shopping consumer.
• eCash MilliCent may have a negative impact on the spur of the moment purchase.
• the low transactional costs associated with systems such as eCash or MilliCent make them particularly attractive for purchasing items or services that cost as little as 10 cents.
• a consumer using a credit card to make an electronic purchase first requests the purchase from the merchant. The merchant then contacts the institution that issued the consumer's credit card for authorization. If the purchase is authorized, the merchant is eventually given a token which the merchant transfers into its bank account and the consumer is forwarded a bill from the institution.
• Using a credit card to make an electronic purchase has it own set of problems. First, although encryption is used in credit card transactions to protect information such as credit card numbers, credit card security is poor.
• Any merchant can take the information given by the user and purchase additional goods from other merchants; even if the fraud is detected, there is little hope of tracing it back to the dishonest merchant.
• the danger of eavesdropping or snooping by an outsider to the transaction also poses a significant risk. More significant is the risk associated with break-ins at a host where credit card numbers may be stored. Second, and probably more importantly, credit card overheads are typically high ($0.20 + 2% of transaction cost is typical). This makes credit card payment inappropriate for payments under $1.00.
• Our invention is a method and system that uses a telephone card to make payments as part of an electronic commercial transaction.
• our system includes an eCard server connected to a public network through which a consumer and a merchant can communicate and transact business.
• the public network may be the Internet or the Public Switched Telephone Network (PSTN).
• PSTN Public Switched Telephone Network
• our system provides the opportunity for in-home shopping without requiring the consumer to own a personal computer or a credit card.
• a secret encryption key is shared by the user and the calling card server.
• a user or consumer wishes to make a purchase he contacts the merchant, who prepares an invoice. The user signs the invoice using his telephone calling card number and a PIN code. The merchant then sends the signed invoice to the eCard server.
• the server authenticates the signature, verifies that the user has sufficient funds for the purchase, and sends a confirmation to the merchant. After receiving confirmation the merchant then informs the user of the successful purchase. The user is later billed for the item on his phone bill, and the invoice is preserved at the eCard server for auditing and to guarantee non-repudiation of the transaction. In accordance with our invention no private information is passed on to the merchant (even the customer name can be hidden). As such, the risk of fraud is reduced.
• purchases may be conducted over the PSTN.
• the user first initiates a phone call to the merchant using his telephone calling card.
• the user first identifies himself to the telephone network.
• the telephone network then completes the call to the merchant so that the merchant and the
• a further extension of this embodiment of our invention includes the user purchasing a prepaid calling card, thereby removing the additional step of later billing the user.
• transactions may occur via the Internet using the World Wide Web.
• the consumer first dials into a server maintained by an Internet Service Provider (ISP), which can be a telephone company. As part of the dial in process the consumer's identity is validated.
• ISP Internet Service Provider
• the user drags a copy of an invoice or purchase order to an application running on a Web Page.
• the application appends the user's digital signature to the invoice and mails it to the merchant.
• the merchant presents the signed invoice to the eCard server which authenticates the signature of the user prior to approving the sale.
• Telephone companies can leverage the security available from the existing PSTN to provide better security and user authentication; Telephone companies are generally trusted by both the public and merchants, and so they can serve as a suitable "trusted third party" in contract protocols; and
• User identity can be kept private for those transactions that do not involve shipping (e.g., paying for downloaded maps or videos).
• FIG. 1 illustratively depicts the system architecture of the present invention.
• FIG. 2 is a state diagram depicting the information flow between the elements depicted in FIG. 1 in carrying out a transaction over the PSTN;
• FIG. 3 is a state diagram depicting the information flow between the elements depicted in FIG. 1 in carrying out a transaction over the Internet.
• FIG. 1 there is depicted a generalized schematic of a system 100 in accordance with our invention.
• the system 100 connects users or consumers 101 to various merchants or businesses 105 and financial institutions 106 through either the Public Switched Telephone Network or Internet 111.
• the user's 101 connection to merchant 105 is established or
• a calling card or eCard server 115 is also connected to the network 111 and stores a list (illustratively depicted as database 116) of calling card numbers, PINs, user names and addresses, and credit limits, if any. It should be noted that although we illustratively separate the merchant 105 from the service provider 112 the merchant and service provider might be the same entity. For example, some telephone companies already have their own on-line shopping networks. In general, after service provider 112 connects the user 101 to merchant 105, the user 101 initiates operation of the system by selecting an item or service offered by merchant.
• ISP Internet Service Provider
• the user 101 selects the eCard as the method of payment. Once the method of payment is selected, a series of actions, discussed in detail below, are initiated and managed by eCard server 115, which actions allows the user 101 to be billed for the service or good.
• Calling cards are issued by all major telephone companies. These cards have proven to be an effective and convenient way for customers to make toll calls when away from home. Typically, the user dials a toll-free number and types his calling card number and a secret code (PIN). The service provider checks the validity of the number and correctness of the PIN and allows the user to place toll calls. Charges for the calls appear on the user's telephone bill. As such, calling cards already provide a secure method of connecting users over the PSTN. Our invention leverages the security already present in the PSTN and enhances this security on computer networks, e.g., Internet, by using cryptographic techniques.
• PIN secret code
• the primary cryptographic technique used in our invention is private digital signatures.
• the user 101 and the server 115 share a secret key.
• the user 101 appends the secret key to the document and computes a cryptographic checksum, using a standard cryptographic hash function such as MD5 or SHA.
• the checksum is sent along with the document to the server 115, which performs the same checksumming process. If the checksums agree, the server 115 can be sure that document was signed by the user 101.
• a private digital signature is the preferred encryption method because each telephone calling card customer
• Private key encryption is also better suited for our invention because here there is no arbitrary person to whom consumers must identify themselves. More importantly, private key encryption is cheaper to implement and takes advantage of the fact that the service provider issues calling cards and serves as the trusted third party. Nonetheless, public key cryptographic techniques may also be used to authenticate the signature of the customer.
• FIG. 2 shows the process begins when a consumer or customer 101 places a telephone call 202 to a merchant 105 from either the consumer's home, or by using a calling card, or through some other mechanism identifies himself to the PSTN.
• the consumer's service provider system or PSTN 11 establishes the call 202 between the consumer 101 and the merchant 105.
• the consumer 101 and merchant 105 then negotiate a transaction 208.
• the consumer 101 hits a predetermined sequence of keys 210 on the telephone pad, e.g., flash hook followed by *678, to signal the service provider system 111 that a consumer wishes to make a purchase.
• the service provider system 111 receives this sequence or signal 210 the system 111 temporarily disconnects both the merchant 105 and the consumer 101 and establishes two new calls, one 212 to the consumer 101 and the other 214 to the merchant 105.
• the system may alternate temporarily disconnecting the merchant 105 and the consumer 101 from the call.
• the consumer is using a calling card, the consumer is queried for his PIN, step 216. Of course, if the consumer is calling from home a PIN may not be necessary.
• the merchant While the customer is queried for his PIN, step 216, the merchant is also queried to enter the transaction amount, step 218.
• the consumer and merchant then each return the information requested, steps 220 and 222, respectively.
• the consumer and the merchant may also be requested or allowed to return additional information pertaining to the transaction.
• the consumer may input his name and address, step 224, and have this information recorded by the service provider 111.
• the merchant may input its name and the items purchased, step 226, and have this information recorded by the service provider 111.
• This additional information provided by the merchant may be disclosed to the consumer or vice versa.
• the merchant may forward the information by way of an audible invoice or an invoice on the Internet to the service provider.
• step 227 involves the service provider accessing the eCard server 115.
• the service provider system 111 may also function as traffic cop allowing the eCard server 115 to request, collect, and manage the entire transaction.
• the service provider plays the product description and price to the consumer, step 230, and receives confirmation from the consumer, step 232. Once confirmation is received the consumer and merchant are then reconnected, step 235.
• the consumer may also purchase items over the Internet using an application available on the World Wide Web (Web).
• Web World Wide Web
• the consumer begins the transaction by dialing into an Internet Service Provider (ISP) modem pool, inputting a user identification code and password, step 302.
• ISP Internet Service Provider
• the ISP validates the user and establishes a connection to a Web page from which the customer negotiates an item and price, step 304.
• the consumer clicks on a eCard icon, step 306, on the Web page used to negotiate the transaction; note that the Web page may be the Web page of the consumer or some other trusted third party.
• ISP Internet Service Provider
• the consumer and merchant may optionally record a message indicating any other specific terms related to the transaction, steps 318 and 320, respectively.
• the service provider system may optionally play a recording of the customer's voice and name.
• the system checks the customer and merchant records , step 330, to select an appropriate form of payment (typically on the calling card account, but possibly on a credit card, ATM, etc.).
• the system confirms to the customer, step 336, the product description and price and also receives confirmation from the customer, step 338. After customer confirmation, step 338, the consumer is again free to roam the Web and make another purchase.

Applications Claiming Priority (3)

Publications (1)

Family

ID=22148789

Family Applications (1)

Country Status (8)

Families Citing this family (33)

Family Cites Families (4)

• 1999
  • 1999-03-22 JP JP2000538306A patent/JP2002508547A/ja active Pending
  • 1999-03-22 ID IDW20001904A patent/ID28328A/id unknown
  • 1999-03-22 AU AU31081/99A patent/AU3108199A/en not_active Abandoned
  • 1999-03-22 CA CA002324114A patent/CA2324114A1/en not_active Abandoned
  • 1999-03-22 EP EP99912783A patent/EP1064611A1/de not_active Withdrawn
  • 1999-03-22 CN CN99804302A patent/CN1298526A/zh active Pending
  • 1999-03-22 WO PCT/US1999/006195 patent/WO1999049404A1/en not_active Application Discontinuation
  • 1999-03-22 KR KR1020007010517A patent/KR20010034629A/ko not_active Application Discontinuation

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events