EP1756722A4 - Procede permettant des activites de detail sur un reseau longue distance - Google Patents

Procede permettant des activites de detail sur un reseau longue distance

Info

Publication number
EP1756722A4
EP1756722A4 EP00953416A EP00953416A EP1756722A4 EP 1756722 A4 EP1756722 A4 EP 1756722A4 EP 00953416 A EP00953416 A EP 00953416A EP 00953416 A EP00953416 A EP 00953416A EP 1756722 A4 EP1756722 A4 EP 1756722A4
Authority
EP
European Patent Office
Prior art keywords
customer
transaction
computer station
service provider
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00953416A
Other languages
German (de)
English (en)
Other versions
EP1756722A2 (fr
Inventor
Saar Wilf
Guy Ruvio
Or Tal
Shvat Shaked
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Trivnet Ltd
Original Assignee
Trivnet Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trivnet Ltd filed Critical Trivnet Ltd
Publication of EP1756722A2 publication Critical patent/EP1756722A2/fr
Publication of EP1756722A4 publication Critical patent/EP1756722A4/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/16Payments settled via telecommunication systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates generally to a retail method for performing commercial transactions over a wide area network and more particularly to a retail method for performing commercial transactions over the Internet.
  • the Internet is a worldwide network of interconnected computers and computer networks.
  • the Internet includes Internet service providers (ISPs) who provide Internet access to a large number of subscribers or users who may pay the ISP a fee for the access.
  • the subscribers can be individuals or organizations and can access the Internet by connecting to the ISP using modems over the general switched telephony system (GSTN), or cable television networks, or other types of communication line infrastructure.
  • GSTN general switched telephony system
  • the Internet also includes vendors who advertise products and services over the Internet and solicit orders from users.
  • PCT international publication No. WO 97/03410 to Egendorf discloses a method for Internet billing.
  • an ISP can bill a billing account of a customer for products or services purchased from a vendor over the Internet, thereby avoiding the need to communicate the customer's credit card or account number over the Internet.
  • the method is limited in that each ISP has to establish agreements with a multiplicity of vendors some of which may not be subscribers of the ISP.
  • each vendor has to establish separate agreements with a multiplicity of ISPs to be able to use the method of WO 97/03410 for performing transactions with customers of different ISPs.
  • the present invention relates to a system and method which provides vendors and customers a secure and economical way of selling and purchasing goods over a wide area network.
  • a commercial account is established for customers at their network service provider.
  • payment for the product is debited from the customer's network service provider account.
  • a secure transaction service cooperates with the customer, the vendor and the network service provider to authorize the transaction.
  • the invention enables a customer to purchase a product via the network without transmitting sensitive information such as a credit card number over the network. Moreover, the user does not need to install additional software on his computer for using the billing method of the present invention.
  • One embodiment of the present invention provides a retail method that is adapted for use over the Internet.
  • the retail method is adapted for use over any wide area network using any suitable communication protocol which is within the scope and spirit of the present invention.
  • a retail method over a wide area network includes a point of sale computer station (e.g., a vendor's network server), a network service provider server operated by a network service provider, a customer computer station used by a customer and connected to the wide area network through the network service provider, and a transaction server having access to identification information of the network service provider and the point of sale computer station.
  • the basic process flow of the retail method includes: Connecting the customer computer station to the point of sale computer station. Purchasing goods from the point of sale computer station by the customer. Validating the purchasing by the transaction server and the network service provider server.
  • the validating process includes: Automatically receiving by the transaction server from the customer computer station of the transaction details and identification information for identifying the point of sale computer station and the network address of the customer computer station.
  • Informing the transaction server by the network service provider server of the confirmation or the denial of the transaction details by the customer in the transaction verification form Instructing the point of sale computer station by the transaction server to supply or deny the goods to the customer in accordance with the confirmation or the denial, respectively, of the transaction details by the customer.
  • the network service provider provides the transaction verification form to the customer.
  • the secure transaction server instead of the secure transaction server providing the form to the customer, the secure transaction server sends the necessary information to the network service provider to enable the network service provider to send the form.
  • the step of validating includes: Automatically receiving by the transaction server from the customer computer station of transaction details of the transaction and identification information for identifying the point of sale computer station and the network address of the customer computer station. Sending the transaction details and the network address of the customer computer station from the transaction server to the network service provider server. The transaction server causing the customer computer station to contact the network service provider. Sending a transaction verification form from the network service provider server to the customer computer station, the transaction verification form including at least the transaction details.
  • a confirmation or a denial of the transaction details Sending by the customer computer station of the confirmation or the denial of the transaction details from the customer computer station to the network service provider server. Informing the transaction server by the network service provider server of the confirmation or the denial of the transaction details by the customer in the transaction verification form. Instructing the point of sale computer station by the transaction server to supply or deny the goods to the customer in accordance with the confirmation or the denial, respectively, of the transaction details by the customer.
  • the system includes at least one network service provider server operated by a network service provider and connected to the wide area network.
  • the system also includes at least one customer computer station used by a customer and connected to the wide area network through one of the network service provider servers.
  • the system also includes at least one point of sale computer station connected to the wide area network and at least one transaction server having access to identification information of the at least one network service provider and the at least one point of sale computer station and connected to the wide area network.
  • the retail method steps performed by the system are similar to those of the methods discussed above. Namely, connecting one of the customer computer stations to one of the points of sale computer station. Purchasing goods from the point of sale computer station by the customer operating the customer computer station. Validating the purchasing by one of the transaction servers and one of the network service provider servers. Charging the customer for the purchasing, the charging including a transaction including the steps of billing an account of the customer by the network service provider server a transaction sum and billing by the transaction server an account of the network service provider server the transaction sum. Supplying the goods to the customer. Remitting a portion of the transaction sum to a vendor operating the point of sale computer station.
  • the step of validating includes: Automatically receiving by the transaction server from the customer computer station of transaction details of the transaction and identification information for identifying the point of sale computer station and the network address of the customer computer station. Sending a transaction verification form from the transaction server to the customer computer station, the transaction verification form including at least the transaction details and information for contacting the network service provider server. Entering by the customer in the transaction verification form a confirmation or a denial of the transaction details. Sending by the customer computer station of the transaction details and the confirmation or the denial of the transaction details from the customer computer station to the network service provider server using the information for contacting the network service provider server included in the transaction verification form.
  • Informing the transaction server by the network service provider server of the confirmation or the denial of the transaction details by the customer in the transaction verification form Instructing the point of sale computer station by the transaction server to supply or deny the goods to the customer in accordance with the confirmation or the denial, respectively, of the transaction details by the customer.
  • the system may also provide a retail method whereby the network service provider supplies the transaction verification form to the customer in a similar manner as performed by the method discussed above.
  • the step of validating includes: Automatically receiving by the transaction server from the customer computer station of transaction details of the transaction and identification information for identifying the point of sale computer station and the network address of the customer computer station. Sending the transaction details and the network address of the customer computer station from the transaction server to the network service provider server. The transaction server causing the customer computer station to contact the network service provider. Sending a transaction verification form from the network service provider server to the customer computer station, the transaction verification form including at least the transaction details. Entering by the customer in the transaction verification form a confirmation or a denial of the transaction details.
  • the customer responds to the secure transaction server instead of the network service " provider during the verification operation. For example, the customer does not contact the network service provider to send a transaction confirmation/denial. Instead, the customer sends the confirmation/denial to the secure transaction server. To ensure that the customer is authorized to make the transaction, the secure transaction server contacts the network service provider server to obtain the customer identity.
  • the network service provider identifies the customer using the telephone number of the customer.
  • the customer's telephone number is supplied to the network service provider, for example, over the telephony infrastructure when the customer calls the network service provider.
  • the customer's telephone number is used to bill the customer's telephone account for the product the customer purchased from the vendor.
  • the step of identifying the customer is done by the STS rather than the NSP.
  • the STS remotely accesses the NSP's servers to match the network address with a user account.
  • the STS may also carry out the step of determining whether the customer is authorized to make a purchase.
  • the method of the invention may be practiced without installing the ISP-related software applications treated herein on the network service provider server.
  • the address may be obtained from the HTTP "Forwarded For" header.
  • the address may be obtained by having the customer's browser connect in the background to an unproxied service.
  • the address may be obtained by having the customer's browser connect in the background to an unproxied host.
  • an application that will attempt to contact the secure transaction service or the network service provider may be downloaded to the customer's computer station.
  • the retail method may include the step of remitting a portion of the transaction sum to a network service provider operating the network service provider server.
  • the retail method also may include the step of remitting a portion of the transaction sum to the transaction service provider operating the transaction server.
  • the identification information of the network service provider and the point of sale computer station includes information for associating a customer network address with a network service provider and technical information needed to contact the network service provider server, and information for associating a vendor identifier with the technical information needed to contact the point of sale computer station over the wide area network.
  • the information for associating a customer and the information for associating the vendor are stored on the transaction server or accessible to the transaction server.
  • the wide area network is the Internet
  • the network service provider is an Internet service provider
  • the information for associating a customer includes at least the Internet protocol (IP) address space of the Internet service provider server and the technical information needed to contact the Internet service provider
  • the information for associating the vendor is technical information needed to contact the point of sale computer station over the Internet.
  • IP Internet protocol
  • the step of charging further includes the step of recording by the network service provider server of the transaction details for billing the customer by the network service provider.
  • the step of remitting includes the step of crediting an account of the vendor by the portion of the transaction sum.
  • the step of crediting is performed by a financial service provider.
  • the financial service provider is selected from the group consisting of a bank and a credit card company.
  • the account of the vendor is a bank account or a credit card account.
  • the communication between the point of sale computer station and the transaction server and between the transaction server and the network service provider server is encrypted.
  • the transaction service provider operating the transaction server establishes a remitting agreement with the vendor for remitting a portion of the transaction sum to the vendor after the step of charging.
  • the remitting agreement is established prior to using the retail method and the transaction service provider establishes a billing agreement with the network service provider for billing an account of network service provider the transaction sum for goods purchased by the customer from the point of sale computer station.
  • the billing agreement is established prior to using the retail method.
  • the network service provider establishes a billing agreement with the customer for billing an account of the customer the transaction sum for goods purchased by the customer from one or more point of sale computer stations.
  • the billing agreement may be established prior to using the retail method.
  • a customer may be presented the terms of the agreement the first time he uses the retail method. This may be accomplished, for example, by displaying a corresponding window or web page to the customer. In this case, the customer could accept the terms of the agreement by, for example, clicking a button on the window or web page.
  • a per transaction billing agreement is established between the customer and the network service provider for billing an account of the customer the transaction sum for goods purchased by the customer from the point of sale computer station.
  • a method for obtaining an IP address of a computer having a browser configured to use a proxy server for selected services and configured not to use a proxy server for other services includes the steps of instructing the browser to open a connection to one of the other services, and obtaining the IP address from the connection.
  • a method for obtaining an IP address of a computer having a browser configured to use a proxy server for selected hosts and configured not to use a proxy server for other hosts.
  • the method includes the steps of instructing the browser to open a connection to one of the other hosts, and obtaining the IP address from the connection.
  • a method for obtaining an IP address of a computer including the step of activating an application on the computer. The application opens a connection to a server and the connection contains the IP address.
  • the method further includes the step of downloading the application from the server.
  • a method for filtering access to a service provided by a service provider to subscribers of at least one ISP includes the steps of the service provider maintaining a list of IP addresses assigned to the at least one ISP, and when a user attempts to access the service through a computer having an IP address, the service provider enabling access to the service if the IP address appears in the list.
  • the method of performing a commercial transaction described above further includes the step of associating the customer identity information with a first plurality of identifiers contained in the transaction with the vendor application, and with privileges related to the transaction authorization and to the product.
  • the method also includes the step of finding the best match of a second plurality of identifiers contained in the second transaction with a previously associated plurality of identifiers, when a second transaction is initiated with the vendor application. If the statistical significance of the best match is better than a predetermined significance, the customer identification information associated with the previously associated plurality of identifiers is retrieved. If the privileges associated with the customer identification information allow access to the goods requested in the second step of purchasing, the goods requested in the second step of purchasing are provided.
  • the retail method over a wide area network described above further includes the step of associating the identity information with a first plurality of identifiers sent to the point of sale computer station during the step of purchasing, and with privileges related to the step of validating and to the goods.
  • the method also includes the step of finding the best match of a second plurality of identifiers sent to the point of sale computer station during the second step of purchasing with a previously associated plurality of identifiers when a second step of purchasing goods from the point of sale computer station is initiated by the customer. If the statistical significance of the best match is better than a predetermined significance, the customer identification information associated with the previously associated plurality of identifiers is retrieved. If the privileges associated with the customer identification information allow access to the goods requested in the second step of purchasing, the goods requested in the second step of purchasing are provided.
  • a method of payment for a software product including the steps of invoking a payment process during installation of the software product on a customer computer station that is connectable to a network, and completing the installation only if the user has successfully completed the payment process.
  • the payment process includes the steps of establishing a connection from the customer computer station to a transaction service via a network service provider, receiving, by the network service provider, customer identity information from the customer computer station, and sending, by the transaction service, authorization to the customer computer station.
  • a method of payment for a software product installed on a customer computer station that is connectable to a network.
  • the method includes the steps of invoking a payment process at least a predetermined period of time after installation by a user of the software product on the customer computer station, and enabling subsequent use of the software product only if the user has successfully completed the payment process.
  • the payment process includes the steps of establishing a connection from the customer computer station to a transaction service via a network service provider, receiving, by the network service provider, customer identity information from the customer computer station, and sending, by the transaction service, authorization to the customer computer station.
  • a method of payment for a software product installed on a customer computer station that is connectable to a network.
  • the method includes the steps of invoking a payment process when at least one condition is satisfied, and enabling subsequent use of the software product only if the user has successfully completed the payment process.
  • the payment process includes the steps of establishing a connection from the customer computer station to a transaction service via a network service provider, receiving, by the network service provider, customer identity information from the customer computer station, and sending, by the transaction service, authorization to the customer computer station.
  • the condition is satisfied when a preset usage time of the software product has passed, or when the software product has been used a preset number of times.
  • the method of performing a commercial transaction described above is for a product which is a tangible good delivered to an address of said customer.
  • the method further includes the step of obtaining the address from a database associating a known customer identifier with the address.
  • the method of performing a commercial transaction described above further includes the step of receiving, by the transaction service, a password from the customer.
  • Fig. 1 is a schematic block diagram of a system for carrying out the retail method over the Internet, in accordance with a preferred embodiment of the present invention
  • Fig. 2 is a schematic flow chart illustrating one embodiment of the steps of the retail method performed by a customer using the customer computer station of the system of Fig. 1;
  • FIG. 3 is a schematic flow chart illustrating one embodiment of the steps of the retail method performed by a point of sale computer station of the system of Fig. 1 ;
  • Fig. 4 is a schematic flow chart illustrating one embodiment of the steps of the retail method performed by a secure transaction server (STS) of the system of Fig. 1 ;
  • STS secure transaction server
  • Fig. 5 is a schematic flow chart illustrating one embodiment of the steps of the retail method performed by an Internet service provider (ISP) server of the system of Fig. 1 ;
  • ISP Internet service provider
  • Fig. 6 is a schematic flow chart illustrating another embodiment of the steps of the retail method performed by an Internet service provider (ISP) server of the system of Fig. 1 ;
  • Fig. 7 is a schematic flow chart illustrating another embodiment of the steps of the retail method performed by a secure transaction server (STS) of the system of Fig. 1 ;
  • ISP Internet service provider
  • STS secure transaction server
  • Fig. 8 is a schematic flow chart illustrating another embodiment of the steps of the retail method performed by an Internet service provider (ISP) server of the system of Fig. 1 ;
  • ISP Internet service provider
  • Fig. 9 is a schematic flow chart illustrating another embodiment of the steps of the retail method performed by a secure transaction server (STS) of the system of Fig. 1 ;
  • Fig. 10 is a schematic flow chart illustrating another embodiment of the steps of the retail method performed by a secure transaction server (STS) of the system of Fig. 1 ;
  • Fig. 11 is a block diagram illustrating several data memory components in accordance with one embodiment of the invention.
  • Fig. 12 is a schematic illustration of a collection of identifiers, according to a preferred embodiment of the present invention.
  • Fig. 13 is a block diagram illustration of HTTP session management using multiple identifiers and statistical significance, in accordance with a preferred embodiment of the present invention.
  • Fig. 1 is a schematic block diagram of a system for carrying out the retail method, in accordance with a preferred embodiment of the present invention.
  • the system includes a secure transaction service provider 20 (STSP) which includes a plurality of M secure transaction servers (STS) labeled 21-23 connected to the Internet 10.
  • STSP secure transaction service provider
  • the system also includes a plurality of N Internet service provider (ISP) servers labeled 31 - 33 connected to the Internet 10, and a plurality of K point of sale computer stations labeled 41 - 43, connected to the Internet 10.
  • ISP Internet service provider
  • Each of the plurality of N ISP servers provides Internet access to a plurality of customer computer stations.
  • ISP server 31 provides Internet access to a plurality of R customer computer stations labeled 51 - 52
  • ISP server 32 provides Internet access to a plurality of S customer computer stations labeled 61 - 62
  • ISP server 33 provides Internet access to a plurality of Q customer computer stations labeled 71 - 72.
  • each of the numbers K, M, N, Q, R and S may be any non-zero positive integer.
  • a customer connects to the Internet via an ISP.
  • the customer is identified using some standard method such as a username and password, and is assigned an IP address.
  • the ISP server of the present invention then associates the assigned IP address with the customer identity, or with any other data suitable for identifying and/or billing the customer.
  • the telephone number of the customer can be associated with the customer's IP address, as described hereinabove.
  • other suitable identifying and/or billing data types may be used.
  • the customer then initiates a transaction by accessing a point of sale computer station using one of the customer computer station, and interacts with the application running on the point of sale station to select a product to be purchased.
  • the customer is billed for the transaction by debiting an account that has been established between the customer and the customer's ISP.
  • the STS coordinates the transaction authorization procedure that determines whether the customer has an account that can be debited. For example, the point of sale station asks the STS whether the customer is authorized to make a purchase using the system.
  • the STS determines (in cooperation with the ISP) whether the customer is authorized and sends the appropriate response back to the point of sale station.
  • the secure transaction service provider 20 is a service provider operating one or more STSs connected to the Internet.
  • the STSP 20 provides software modules which are installed on point of sale computer stations, on the ISP servers and on each of the STSs. It is noted that, if the ISP has more than one server, the software modules may be installed on each of the ISP servers or only on part of them.
  • Each of the ISPs notifies the STSP 20 of the IP address space which the ISP allocates to its customers for connecting to the Internet, as allocated to the ISP by the proper authorities such as the American Registry for Internet Numbers ("ARIN").
  • Each of the ISPs may also provide the STSP with other technical information which may be needed such as the IP addresses of the ISP's proxy servers and the bandwidth of the ISP's connection to the Internet.
  • the software module installed on the ISP servers can identify a customer (236, FIGURE 11) currently using a given IP address (238, FIGURE 11). This software module also manages the billing of the customers in accordance with the purchase of goods from various vendors, manages the communication with the STS and the customer computer stations and checks whether the customer is certified to pay through the STSP as disclosed in detail hereinafter. It is noted that some of the functionality of the ISP software module might already exist on the ISP servers, and can be used instead.
  • the software module installed on the point of sale computer stations manages the registration of the sales and transactions done through the STSP involving the vendor. This software module also manages the pricing of goods offered by the vendor through the STSP. It is noted that some of the functionality of the point of sale software module might already exist on the point of sale servers, and can be used instead.
  • the software module on the point of sale computer stations also manages the communication with the STS, as disclosed in detail hereinafter.
  • the software module installed on the STS uses a database or a table
  • the software module installed on the STS can thus identify the ISP of a customer having an IP address by accessing the database or table disclosed hereinabove.
  • the software module installed on the STSs also manages the financial information (226) needed for implementing the billing such as the bank account numbers of the ISPs and vendors, and the details of purchases (228).
  • the software module installed on the STS also manages all the communication with the point of sale computer stations, customer computer stations and ISP servers, as disclosed in detail hereinafter.
  • Each of the point of sale computer stations 41 - 43 is assigned an ID number and the STSs have access to a look up table (LUT) 230 which associates each point of sale computer station's ID number with the technical information needed to contact the point of sale computer station.
  • the STSP, the customers, the vendors and the ISPs receive financial services from one or more financial service providers 240 (FIGURE 11) such as a credit card company or a bank or any other suitable financial service company.
  • the STSP, the customers, the vendors and the ISPs have bank accounts or credit card accounts with the financial service providers and can provide a bank account number or a credit card number for performing financial transactions. In one embodiment, transactions between the financial service company are accomplished using the Automatic Clearing House Format.
  • each of the M STSs 21 - 23 is directly connected to the Internet backbone (not shown) for fast access.
  • the STSs can be connected to the Internet 10 by any other suitable connection method.
  • Each of the K point of sale computer stations labeled 41 - 43 can be a server operated by a vendor and connected to the Internet directly, a point of sale application (e.g., a vendor application) residing on a server and operated for a vendor by an Internet presence provider (IPP) or any point of sale computer station connected to the Internet by any other suitable connection method.
  • a point of sale application e.g., a vendor application
  • IPP Internet presence provider
  • the STSP 20 may also operate as " an IPP.
  • any one of the K points of sale may not be independent computer stations but may physically reside on one of the STSs 21 - 23.
  • the software for the vendor's site will be installed on one or more of the STSs 21 - 23.
  • the ISP 20 may also operate as an IPP.
  • any one of the K points of sale may not be independent computer stations but may physically reside on one of the ISP servers 31 - 33.
  • the software for the vendor's site will be installed on one or more of the ISP servers 31 - 33.
  • each ISP may operate more than one server (not shown).
  • Each of the customer computer stations 51 - 52, 61 - 62 and 71 - 72 can be connected to the ISP servers 31 , 32 and 33, respectively, through a modem and the GSTN or a cable modem and a cable television network, or by any other suitable communication method.
  • Fig. 1 is shown as including a plurality of STSs 21 -23, the system can also operate with a single STS.
  • the STSs 21- 23 of the STSP 20 can be located in the same geographical location but can also be located singly or in groups at separate geographical locations.
  • the customer computer station can connect with any one of the point of sale computer stations labeled 41 - 43.
  • the customer can request goods as a service or a product which are offered for sale by the vendor. For example, after entering the vendor's site, the customer may request goods by choosing a specific option on a web page.
  • the point of sale computer station causes the customer computer station to connect to one of the available STSs 21 - 23 and to transfer the ID of the point of sale computer station and the transaction details to the available STS.
  • HTTP hypertext markup language
  • This may also be done using an HTTP 302 Status Response accompanied by a "Location:" header, followed by the ID of the point of sale computer station and the transaction details.
  • the address of the STS servers (232, FIGURE 11) associated with the point of sale computer may be stored in a data memory 234 (FIGURE 11).
  • the transaction details include the price and serial number of the requested product or service and additional details such as the payment date or other payment terms.
  • the transaction verification form is generated by HTML or Java or by any other suitable method.
  • the transaction verification form informs the customer about the requested product or service, the price and the payment terms for the transaction.
  • the transaction verification form also includes information (224, FIGURE 11) which is not shown to the customer. This information includes the address of the ISP server, the STS and/or the point of sale computer station which provides service to the customer.
  • This information is obtained from the database or the table accessible to the STSs as disclosed hereinabove, by using the automatically revealed IP address (222, FIGURE 11) of the customer computer station, in the case where the ISP server address is included, or by using the vendor ID, in the case where the point of sale computer station address is included, and may be formatted in the transaction verification form as a uniform resource locator (URL) in an HTML link.
  • IP address 222, FIGURE 11
  • vendor ID in the case where the point of sale computer station address is included
  • URL uniform resource locator
  • the customer can either confirm or deny the transaction after inspecting the transaction details on the transaction verification form. If the customer confirms the transaction, the customer thus connects to the ISP server using the data sent from the STSs in the transaction verification form, and the relevant data in the transaction verification form is then sent to the ISP server.
  • the software module of the ISP server identifies the customer (236, FIGURE 11) according to the IP address (238, FIGURE 11) or other information such as a physical communication port ID and checks whether the customer is certified to pay through the STSP (e.g., whether the customer has a debit account, e.g., 248, FIGURE 11 , established with the ISP).
  • the verification of the customer computer station's identity by the ISP has the advantage of being less susceptible to fraudulent interference, since the ISP server is not connected to the customer computer station over the Internet, in contrast to the STS or the point of sale computer station which are connected to the customer computer station over the Internet and are thus more susceptible to fraudulent interference.
  • the software module of the ISP server records the transaction details (242, FIGURE 11) into a data memory 244 including the customer's user name, the current date and time, the price of the service or product and the terms of payment.
  • the ISP server then connects to the STS and informs the STS whether the customer confirmed or denied the transaction and whether the customer is certified to pay through the STSP, and may also transfer the transaction details back to the STS for validation.
  • the STS then connects to the point of sale computer station using the information obtained from the STS's LUT as disclosed hereinabove, and informs the point of sale computer station whether or not to supply the customer with the requested service or product.
  • the STS may also provide the point of sale computer station with the reason for denial of the service or product.
  • the point of sale computer station supplies the product or service to the customer. For example, if the ordered goods are a tangible product, the point of sale computer station processes the order and issues instructions for mailing the product to the customer. Alternatively, if the customer purchased non-tangible goods such as access to a database, the point of sale computer station enables the customer's computer station to access the database.
  • the point of sale computer station will download the software product over the Internet to the customer's computer station.
  • the point of sale computer station informs the customer computer station of the reason for which it can not fulfill the request.
  • the STSP provides the financial service such as the bank or the credit card company with periodic reports including the details of all the transactions performed over a period of time.
  • the details include the credit card number or bank account number of the ISP from which the transaction was initiated, the credit card number or bank account number of the vendor involved in the transaction and the amount and date of payment or payments.
  • the financial service provider transfers the proper amounts from the ISPs to the relevant vendors.
  • the financial service provider may also deduct a commission for itself and/or for the STSP and/or for the ISP.
  • the ISP bills the customer for the transactions performed by the customer according to the billing agreement already existing between the customer and the ISP.
  • the billing of the customer could alternatively be done by another party, such as a telephone company, in which case all the relevant billing details are transferred from the STSP to this party.
  • ISP is used throughout the present application to represent any organization providing Internet access to one or more computer station. The organization may or may not charge a fee for supplying Internet access.
  • ISP may represent a company owning equipment through which the employees of the company access the Internet.
  • the customer computer stations can be the computer stations used by the employees of the company.
  • the billing of the customers which are company employees for the goods purchased from the vendor may be done by deducting the proper amounts from the salary of the employees.
  • the STS if the STS detects a problem during the steps of the method disclosed hereinabove, the STS will send a message to the relevant server or computer station causing it to cancel the transaction. For example, if the point of sale computer station did not inform the STS that the goods were supplied, the STS instructs the ISP to delete the relevant billing record. In another example, if the STS detects communication failures such as erroneous data or an inability to contact the point of sale computer station, the STS instructs the ISP to delete the relevant billing record.
  • FIG. 2 is a schematic flow chart illustrating the steps of a method for Internet billing performed by a customer of the system of Fig. 1 , in accordance with a preferred embodiment of the present invention.
  • the customer connects to the Internet using the customer computer station (step 80).
  • the customer enters a vendor's site on a point of sale computer station (step 82) and selects goods such as a service or a product which is offered for sale by the vendor (step 84). If the point of sale computer station allows payment for the selected goods through the STSP, the customer selects this payment method (step 86).
  • the customer computer station then receives a transaction verification form from one of the STSs of the STSP 20 (step 88) as disclosed in detail hereinabove.
  • the customer checks the transaction details displayed on the transaction verification form and can confirm or deny his willingness to accept the transaction conditions (step 90). For example, the customer can click on an "accept” or a "reject” button provided on the transaction verification form for confirming or denying the transaction, respectively.
  • the customer's computer station connects to the ISP server of the ISP which provides Internet access to the customer, denies the transaction and transfers control to step 80. If the customer confirmed the transaction, the customer computer station connects to the ISP server of the ISP which provides Internet access to the customer and transfers the transaction details and the transaction confirmation to the ISP server (step 94). The customer can then receive the goods from the vendor or can alternatively receive a denial message from the vendor and the reason for the denial (step 96). For example, the customer can be given access to a database or download a software product from the vendor's server.
  • Fig. 3 is a schematic flow chart illustrating the steps of a method for
  • the point of sale computer station waits until a customer requests goods which are payable through the STSP method (step 102).
  • the point of sale computer station checks if the customer selected payment through the STSP (step 104). If the customer did not select the STSP payment method, the customer can still activate other payment methods in the vendor's site according to the customer choice (step 105) and control is transferred to step 102. If the customer selected the STSP payment method, the point of sale computer station checks if the STS confirmed the transaction (step 106).
  • the point of sale computer station informs the customer through the customer computer station of the reasons for denying the goods (step 107) and transfers control to step 102. If the STS confirmed the transaction, the point of sale computer station checks whether the transaction details sent by the STS are correct (step 108). If the transaction details as sent by the STS are not correct, the point of sale computer station informs the STS that the goods were not supplied (step 109), informs the customer of the reason of denial of goods (step 107) and transfers control to step 102. If the transaction details sent by the STS are correct, the point of sale computer station checks whether the customer computer station is still on-line (step 113).
  • the point of sale computer station informs the STS that the goods were not supplied (step 115) and transfers control to step 102. If the customer computer station is still on-line, the point of sale computer station supplies the goods to the customer as disclosed hereinabove (step 117), informs the STS that the goods were supplied (step 119) and transfers control to step 102. It is noted that if the transaction involved the sale of a tangible product, the product will be sent by the vendor to the customer by mail or by any other suitable delivery method.
  • Fig. 4 is a schematic flow chart illustrating the steps of a method for Internet billing performed by a secure transaction server (STS) of the system of Fig. 1 , in accordance with a preferred embodiment of the present invention.
  • the STS receives the transaction details and the point of sale computer station ID from the customer computer station (step 110), extracts the ISP server details from the database or table as disclosed in detail hereinabove, using the IP address of the customer computer station which is received as part of the communication session details (step 111).
  • the STS sends a transaction verification form to the customer computer station (step 112).
  • the STS waits for a reply from the ISP server of the ISP which provides service to the customer and then checks whether the ISP server confirmed the payment (step 116). If the ISP server has not confirmed the payment, the STS connects to the point of sale computer station, instructs the point of sale computer station to deny goods from the customer and provides the point of sale computer station with the reason for the denial (step 118). The STS then transfers control to step 110. If the ISP server confirms payment, the STS connects to the point of sale computer station, instructs the point of sale computer station to supply the service or product to the customer and sends the transaction details to the point of sale computer station (step 120). The STS then checks whether the point of sale computer station confirmed that the goods were supplied (step 121). It is noted that, if the goods are tangible, the vendor's confirmation may include a confirmation that a mailing order for the purchased goods was processed.
  • step 110 If the point of sale computer station did not confirm that the goods were supplied, the STS transfers control to step 110. If the point of sale computer station confirmed that the goods were supplied, the STS records the transaction details for transfer to the financial service provider (step 122) and transfers control to step 110.
  • Fig. 5 is a schematic flow chart illustrating the steps of a method for Internet billing performed by an ISP server of the system of Fig. 1 , in accordance with a preferred embodiment of the present invention.
  • the ISP server receives the transaction details from the transaction verification form as filled by the customer (step 124) and connects to an available STS (step 126).
  • the ISP server extracts the customer identity according to the communication session details (step 127).
  • the customer identity may be an ID number or a user name which is used by the ISP for identifying the customer.
  • the ISP server checks whether the customer confirmed the payment on the customer's transaction verification form (step 128). If the customer did not confirm payment on the transaction verification form, the ISP server informs the STS that the customer refused payment (step 130) and transfers control to step 124. If the customer confirmed the payment on the transaction verification form, the ISP server checks whether the customer is certified to pay through the STSP (step 132). If the customer is not certified to pay through the STSP, the ISP server informs the STS that the customer is not certified (step 133) and transfers control to step 124. If the customer is certified, the ISP server informs the STS that the payment is authorized and transfers the transaction details to the STS for verification (step 134). The ISP server then records the transaction details for billing the customer (step 136) and transfers control to step 124.
  • the network service provider provides the transaction verification form to the customer.
  • the embodiment instead of using the secure transaction server to provide the form to the customer, the embodiment used the secure transaction server to send the necessary information to the network service provider to enable the network service provider to send the form.
  • the STS After the initial communication between the customer computer station and the available STS is established as described hereinabove, the STS obtains the address of the ISP server from the database or table as disclosed hereinabove, using the automatically revealed IP address of the customer computer station. The STS then sends to the ISP server, the IP address of the customer computer station and the transaction details. The STS also causes the customer computer station to connect to the ISP server using the address of the ISP obtained by the STS from the database or table disclosed hereinabove and sent to the customer computer station. For example, this can be done by using the HTTP 302 Status Response accompanied by a "Location:" header. The ISP server first checks whether the customer is certified to pay through the STSP.
  • the ISP informs the STS that the customer is not certified. If the customer is certified to pay through the STSP, the ISP sends a transaction verification form to the customer computer station. It is noted that the information included in the transaction verification form is as disclosed hereinabove for the first preferred embodiment of the present invention. The customer then confirms or denies the transaction details and the other steps are, in general, performed as disclosed in detail hereinabove.
  • This embodiment performs similar operations as described in Figs. 2-5, with a few modifications.
  • the customer receives the transaction from the ISP server, not the STS.
  • the STS sends the customer information to the ISP server instead of sending the transaction form to the customer.
  • the ISP server would receive the customer information from the STS.
  • the ISP server would send the transaction form to the customer.
  • the customer interacts only with the STS during the verification form procedure.
  • the customer does not send a transaction confirmation/denial to the ISP server. Instead, the customer sends the confirmation/denial to the STS.
  • the STS obtains the identity of the customer from ISP server.
  • the step of validating includes: Automatically receiving by the transaction server from the customer computer station of the transaction details and identification information for identifying the point of sale computer station and the network address of the customer computer station. Identifying the customer. Sending a transaction verification form from the transaction server to the customer computer station, the transaction verification form includes at least the transaction details.
  • the steps of identifying the customer may include: Sending the customer computer station network address from the transaction server to the network service provider server. Finding the customer identity by the network service provider server. Using the customer computer station network address. Sending the customer identity from the network service provider server to the transaction server.
  • the customer computer and the point of sale station perform similar operations as set forth in Figs. 2 and 3.
  • the operation of the ISP server and the STS are set forth in Figs. 6 and 7, respectively.
  • the ISP server receives the transaction details and customer's IP address from the STS (step 140).
  • the ISP server identifies the customer according to the IP address (step 142).
  • the customer identity may be, for example, an ID number or a user name which is used by the ISP for identifying the customer.
  • the ISP server informs the STS that the customer is not authorized (step 146) and transfers control to step 140. If no restrictions arise, the ISP server informs the STS that the payment is authorized, a customer identity (customer ID) is sent to the STS (step 148) and control is transferred back to step 140.
  • the STS receives the transaction details and the point of sale computer station ID from the customer computer station (step 150). The STS then extracts the ISP server details from the database or table (as disclosed in detail hereinabove) using the IP address of the customer computer station which is received as part of the communication session details (step 152).
  • the STS sends the customer computer station IP address to the ISP server (step 154).
  • the STS determines whether the ISP server of the ISP which provides service to the customer identified the customer and confirmed the payment. If the ISP server has not confirmed the payment, the STS connects to the point of sale computer station, instructs the point of sale computer station to deny goods from the customer and provides the point of sale computer station with the reason for the denial (step 158). The STS then transfers control to step 150. If the ISP server confirms payment and sends the customer identification, the STS sends the transaction form to the customer (step 160). In addition, assuming the customer accepts the transaction, the STS connects to the point of sale computer station. Here, the STS instructs the point of sale computer station to supply the service or product to the customer and sends the transaction details to the point of sale computer station.
  • the STS may then determine whether the point of sale computer station confirmed that the goods were supplied (step 162). If the goods are tangible, the vendor's confirmation may include a confirmation that a mailing order for the purchased goods was processed. If the point of sale computer station did not confirm that the goods were supplied, the STS transfers control back to step 150. If the point of sale computer station confirmed that the goods were supplied, the STS records the customer's identity information and transaction details for transfer to the financial service provider and ISP for later billing (step 164) and transfers control to step 150.
  • the network service provider identifies the customer using the telephone number of the customer. The telephony infrastructure of most modern countries now supports the option to identify the initiating side of a telephone call (by transferring his phone number to the called party).
  • the customer's telephone number may be supplied to an ISP, for example, over the telephone infrastructure when the customer calls the ISP.
  • the phone number from which an ISP's client has connected together with the client's name and IP address may be registered and saved on the ISP's servers.
  • the customer's telephone number may be used to identify the customer and/or to bill the customer's telephone account for the product the customer purchased from the vendor.
  • the ISP supplies the customer's phone number, according to his network address.
  • the customer's telephone number may be used to verify the identity of the caller.
  • the ISP or STS
  • the system may deny access to the retail method when the customer identity information of the incoming call does not match the corresponding authorized telephone number.
  • this technique may prevent fraudulent use of a customer's identity information from non-authorized telephones.
  • the customer's telephone number may be used to bill the customer.
  • the STS in cooperation with a telephone company, uses the phone number to bill the customer via his phone bill.
  • the STS uses the phone number and/or other client information to bill an account of the client (for example, as previously discussed).
  • the process of identifying the customer includes the steps of sending the customer computer station network address from the transaction server to the network service provider server, finding the customer phone number by the network service provider server, using the customer computer station network address, and sending the customer phone number from the network service provider server to the transaction server.
  • many of the transaction operations performed according to this embodiment are similar to the operations discussed above.
  • the customer computer and the point of sale station perform similar operations as set forth in Figs. 2 and 3.
  • the operation of the ISP server and the STS are set forth in Figs. 8 and 9, respectively.
  • the ISP server receives the transaction details and customer's
  • the ISP server identifies the customer and extracts the customer phone number according to the IP address (step 172).
  • the customer phone number is the phone number from which the customer initiated the call to the ISP, as recorded by the ISP servers.
  • step 174 the customer can not carry out the transaction (for example, for reasons of an exhausted credit line)
  • the ISP server informs the STS that the customer is not authorized (step 176) and transfers control back to step 174
  • the ISP server sends the customer's phone number to the STS, thus indicating authorization of the payment (step 178) and transfers contral to step 170.
  • the STS receives the transaction details and the point of sale computer station ID from the customer computer station (step 180), extracts the
  • ISP server details from the database or table as disclosed in detail hereinabove using the IP address of the customer computer station which is received as part of the communication session details (step 182).
  • the STS sends the customer computer station IP address to the ISP server (step 184) and then checks whether the ISP server of the ISP which provides service to the customer successfully extracted the customer phone number and confirmed the payment
  • the STS connects to the point of sale computer station, instructs the point of sale computer station to deny goods from the customer and provides the point of sale computer station with the reason for the denial (step 188). The STS then transfers control back to step 180.
  • the STS sends the transaction form to the customer (step 190).
  • the STS connects to the point of sale computer station.
  • the STS instructs the point of sale computer station to supply the service or product to the customer and sends the transaction details to the point of sale computer station.
  • the STS then checks whether the point of sale computer station confirmed that the goods were supplied (step 192). Again, if the goods are tangible, the vendor's confirmation may include a confirmation that a mailing order for the purchased goods was processed.
  • step 194 the STS records the customer's phone number and transaction details for transfer to the financial service provider and telephone company for later billing (step 194) and transfers control to step 180.
  • the STS rather than the ISP server, determines the identity of the customer.
  • Much of the ISP equipment relevant to the embodiments described herein consists of access servers and authentication servers.
  • the access servers are responsible for answering incoming calls from users' computers, receiving a username and password and supplying network services.
  • the authentication servers are responsible for verifying the username and password (as given by the access server) and instructing the access server whether to supply the required network service to the user. Both servers usually register all accesses and operations.
  • the secure transaction service connects directly to the network service provider access server or authentication server or any other relevant server capable of associating the customer computer station network address with the customer identity or phone number or any other information relevant for billing the customer.
  • the STS may then retrieve some or all of the stored information that identifies the customer. For example, the STS may extract the customer's username, phone number, IP address or any other relevant data from the ISP's servers. This may be accomplished, for example, using an SNMP command.
  • a significant advantage of this embodiment is that it may be implemented without installing the software module at the ISP.
  • the customer computer and the point of sale server perform similar operations as set forth in Figs. 2 and 3. No special operations are required of the ISP.
  • the operation of the STS is set forth in Fig. 10.
  • the STS receives the transaction details and the point of sale computer station ID from the customer computer station (step 200), extracts the ISP server details from the database or table as disclosed in detail hereinabove, using the IP address of the customer computer station which is received as part of the communication session details (step 202). Then, at step 204, the STS connects directly to the ISP server (such as an access server or an authentication server) containing information associating IP addresses with identification information (such as usemames or telephone numbers).
  • the ISP server such as an access server or an authentication server
  • the STS connects to the point of sale computer station, instructs the point of sale computer station to deny goods from the customer and provides the point of sale computer station with the reason for the denial (step 208). The STS then transfers control back to step 200.
  • the STS sends the transaction form to the customer (step 210).
  • the STS connects to the point of sale computer station.
  • the STS instructs the point of sale computer station to supply the service or product to the customer and sends the transaction details to the point of sale computer station.
  • the STS then checks whether the point of sale computer station confirmed that the goods were supplied (step 212). Again, if the goods are tangible, the vendor's confirmation may include a confirmation that a mailing order for the purchased goods was processed.
  • the STS transfers control to step 200. If the point of sale computer station did not confirm that the goods were supplied, the STS transfers control to step 200. If the point of sale computer station confirmed that the goods were supplied, the STS records the customer's identification information and transaction details for transfer to the financial service provider and/or telephone company and/or ISP for later billing (step 214) and transfers control to step 200.
  • the system or method of the invention may be practiced in conjunction with customer's who use proxy servers.
  • the proxy server's Internet address rather than the customer's Internet address, may be provided to the STS or the ISP server. Several methods may be used to obtain a customer's actual network address in the event the customer is using a proxy server.
  • the address may be obtained from an HTTP "Forwarded-For" header that may be sent.
  • the header will reveal the customer's address.
  • this method may be easily comprised (i.e., false addresses inserted into the header). As a result, the use of this method may be restricted to verification operations in some applications.
  • the address may also be obtained by integrating directly with the HTTP proxy. If a special module is installed at the HTTP proxy by the STSP, this module can report the true IP of a customer generating a specific request.
  • the address may also be obtained by placing a module on the ISP's network, which is able to monitor all communications between customers and the proxy (hereinafter 'monitor').
  • the STS will then invoke an event with the customer that can be detected by the monitor.
  • An example of such an event is sending a special string of characters to the customer (via the proxy).
  • the monitor will detect this string, and inform the STS to which IP this string was sent.
  • an application that will attempt to contact the secure transaction service or the network service provider may be downloaded to the customer's computer station. This would cause the customer's true Internet address to be disclosed. This could be done, for example, by instructing the browser to download a Java applet that instructs the customer's computer to connect directly to the STS thereby revealing the computer's true address.
  • a large random number is sent from the STS to the customer computer station, and is then sent back from the customer computer station to the STS over the newly established connection. This can be done for example, by inserting the said number in the URL of the said HTML tag, or by instructing the said application to echo the said large number when received. This procedure verifies that the reported IP is known by the Internet infrastructure and further reduces the possibility of fraud.
  • communication between the point of sale computer station and the STS and between the ISP server and the STS can be secured communication.
  • the communication can be secured using a method of encryption such as the data encryption standard (DES) or any other suitable encryption method.
  • a method of authentication can also be used for increased security such as a public key or shared key digital signature method or any other suitable authentication method. This ensures that the transaction verification procedures serve as an encrypted secured verification step and reduces the possibility of fraud.
  • any communication between two parties could in fact be done through a third party. For example, the final confirmation sent from the STS to the vendor could be transferred through the customer. In this case, some method of digital signature could be added to the message in order to protect it from accidental or malicious modification.
  • the retail method of the present invention has the advantage that a vendor needs only establish one agreement with an STSP in order to be able to provide a secure payment method to all the customers of all the ISPs which are connected with the STSP.
  • Another advantage of the STSP method is that an ISP needs to establish only one agreement with the STSP in order to provide a secure payment method between any one of its customers and any of the vendors that have agreements with the STSP, thus, the ISP does not need to establish separate agreements with many vendors.
  • Another advantage of the retail method of the present invention is that the customer can perform secured transactions with all the vendors which have agreements with the STSP, without having to install any software on his computer station. Moreover, using the retail method of the present invention, the customer can perform transactions without having to transmit any sensitive information such as a credit card or account number or other personal details over the Internet.
  • no billing is performed by the STS, the ISP or the financial service provider.
  • the ISP sends to the STS the e-mail address of the customer and the STS periodically sends e-mail messages to the customer reminding the customer of his debt to the vendor from which the goods were received until the vendor informs the STS that the debt has been paid.
  • the STS instructs the ISP to periodically send e-mail messages to the customer reminding the customer of his debt to the vendor from which the goods were received.
  • the vendor informs the STS that the debt has been paid, the STS instructs the ISP to stop sending the e-mail messages to the customer.
  • the vendor may decide to supply the goods to the customer prior to validating the purchasing as disclosed hereinabove.
  • the vendor may provide the customer with access to a database and if the customer finds the information useful, the customer agrees to pay for the information, for example by activating a designated HTML link.
  • the link connects the customer computer station to the STS, transfers the ID of the point of sale computer station and the transaction details to the STS as disclosed in step 1 10 of Fig. 4 and continues with the other steps of Fig. 4 as disclosed hereinabove.
  • the customer downloads software from the point of sale computer station for checking the software prior to performing step 80 of Fig. 2. If the customer decides to pay for the software, the customer connects to the point of sale computer station and performs steps 80 to 94 (Fig. 2) as disclosed hereinabove. It is noted that, in the last example, step 96 is not performed since the software was already downloaded to the customer computer station.
  • the point of sale computer station displays the option of payment through an STSP only to those customer computer stations whose ISPs are capable of participating in the STSP payment system.
  • the point of sale computer station holds a list describing the IP ranges of participating ISPs, as assigned to them by ARIN or any other proper authority. This list is updated from time to time when new IP ranges are assigned, or new ISPs are capable of participating in the STSP payment system.
  • the point of sale computer station determines whether the customer's ISP is capable of participating in the STSP payment system, and invokes the STSP payment option only when it is possible.
  • the proxy address may be used, as most customers use the proxy servers of their ISPs, which of course have an IP in the ISP's range.
  • the customer's true IP address can be obtained using any of the methods described herein.
  • the vendor pays the customer for various actions performed at the point of sale computer station, such as viewing advertisements or providing a service.
  • the vendor's account is billed and the customer's account at the ISP is credited.
  • the method of operation is similar to the standard method, with the difference that negative amounts of money are charged to the customer.
  • the IP extraction is performed in the following manner when complementary software ("plug-in") which uses network connections for its operation is installed in the customer's browser.
  • An example of such a plug-in is RealPlayer from RealNetworks of Seattle, Washington, USA, which is used to play sound and video from a remote server.
  • the IP extraction invokes the plug-in to connect in the background to the server, and since some of these plug-ins connect to servers directly, the true IP address of the customer computer station is revealed.
  • an alternative method of identification is used.
  • the STS queries the service's database for the identity associated with the extracted IP address, rather than querying the ISP's database.
  • the service can be used as a billing proxy, in the same way as the ISP or telephone company were used in previous examples.
  • the step 117 of the retail method shown in Fig. 3, in which the point of sale computer station supplies goods to the customer computer station may involve several customer requests one after another with session management.
  • session management is performed between the HTTP server at the point of sale computer station and the customer.
  • the " server maintains a database whose records crosslink a customer ID received from the secure transaction server with a list of allowed goods and a set of identifiers sent from the customer computer station.
  • the point of sale computer station supplies goods appearing in the list of allowed goods to the customer without the necessity of the point of sale computer station communicating with the STS to re-identify the customer.
  • the collection of identifiers is available to the HTTP server from the browser running on the customer computer station.
  • Fig. 12 is a schematic illustration of a collection of identifiers, according to a preferred embodiment of the present invention.
  • the collection of identifiers are sent by the browser on the customer computer station to the HTTP server on the point of sale computer station with each HTTP request.
  • the collection of identifiers includes communication identifiers 300 and machine identifiers 302.
  • the communication identifiers 300 include the proxy IP address 304 and the customer computer station's IP address 306, and the TCP connection information.
  • the machine identifiers 302 include the cookie 308, a session identifier 310 encoded in an URL, the browser type 312, MIME types as reported by the browser 314, the operating system 316, and the language 318 of the operating system, as reported in the User-Agent and other HTTP headers.
  • identifiers constitute together a 'customer fingerprint' 320 which can be used by the HTTP server to identify the session.
  • An HTTP server receives an HTTP request (step 400), collects the identifiers from the HTTP session, and seeks the best match from the existing database (step 402).
  • the server calculates the statistical significance of the match between the new session and each of known sessions, according to the following formula
  • p(session l ) is the probability that given the collection T of identifiers of the new session, the new session belongs to a known session i .
  • p(session l ) is the a priori probability that the new session belongs to a known session / . For example, if 30% of the sessions are new sessions, and known sessions are equally likely, then p(sess ⁇ on t ) is 0.7/ n , where n is the total number of sessions, and p(session 0 ) is 0.3.
  • p(T ⁇ session : ) is the probability of receiving the collection T of identifiers for the known session ⁇ , and is calculated from the statistical significance of the identifiers, with correlations taken into account.
  • the probability of error can be calculated. For example, if the server decides that the new session belongs to known session / , the probability that this is the correct decision is p(session t ⁇ T) , the probability that the session is in fact a different known session is p(session t ⁇ T) , and the
  • the server makes a decision based on a predetermined scheme (step 404). For example, the scheme may decide that a new session is known if the probability that this is the correct decision is greater than 99%. This is a very important feature of the present invention, as it allows the application designer to limit its error rate in a quantifiable way.
  • T) is calculated by combining the likelihood of each of the identifiers in the collection T
  • Preliminary research can be done to estimate the likelihood of each value (for example, a distribution table of each browser type and version in the population), or the server can calculate this over time by recording each HTTP request into an historical statistical database, or both.
  • These values are expressed as numbers describing the probability that a certain customer will have a certain value for a certain identifier, or the probability that an unknown customer will have this value. For example, the probability that a different customer will have the same IP address previously used by another customer could be estimated as 0.000001 (for example, if this IP address is dynamically assigned by an ISP).
  • the identifiers are correlated. For example, since Internet Explorer does not run on Unix, the probability that a customer uses a Netscape browser is higher if the customer is using the Unix operating system than if the customer is using a Wndows-based operating system.
  • the customer computer station's IP address and the proxy IP address are correlated, since proxy servers usually serve a specific sub-network. Since sub-networks are characterized by a range of IP addresses, these IP addresses are very likely to be associated with the sub-network's proxy. Thus, the proxy IP address loses all significance once the customer computer station's IP address is obtained.
  • the expression p(session 1 ⁇ T) is therefore calculated as the product of multiplying the probability of each identifier. If two or more identifiers have been found, by prior research, to be somewhat correlated, meaning they tend to appear together, their combined probability is reduced in order to compensate for the correlation. For example, if two unrelated identifiers each have each a probability of 0.5 to appear, the combined probability is 0.25. If the two identifiers are correlated, the combined probability can be anywhere between 0.25 and 0.5, depending upon the strength of the correlation.
  • step 406 If the server decides that the new session is a known session / , then user i 's information is retrieved from the database (step 406). If the server decides that the new session is unknown, then the new user's information is obtained (step 408). In step 410, a new entry is created in the database associating the session identifiers with the customer information obtained in step 408.
  • the user information is used as needed (step 412) and the HTTP response is sent (step 414).
  • An example of the user information is that the customer has already paid for a particular product, or the privileges.
  • two cases should be considered: that of normal users, and that of malevolent users (hackers).
  • a certain IP address is assigned to one host on the Internet at a certain time, making it a very significant identifier.
  • a hacker might knowingly spoof this IP address, thus deceiving the system.
  • the likelihood of receiving the same IP address from 2 different customers is higher when one of them is a hacker.
  • p(session ⁇ ⁇ T) has two different values - one for normal users and one for hackers.
  • a vendor whose server which is more likely to be attacked by hackers might choose to give higher priority to the hacker p(session i ⁇ T) than to the normal p(session t ⁇ T) . This will cause the server to require other user identification methods more often.
  • the payment process is not invoked before receiving the product, but is rather integrated into the process of installing or using the software module.
  • a customer installs new software on his computer station, and before completing the installation, the payment process as described above is invoked and the customer is required to pay for the software in order for the installation to be complete.
  • the payment process described above is invoked after a trial period. For example, after 30 days of use, the customer is required to pay before continuing to use the software.
  • the software charges the customer in a pay-per-use model, where the payment process described above is invoked when any number of conditions apply.
  • Such conditions may include, but are not limited to, invoking the payment process when a preset usage time has passed, or when the customer has used the software a preset number of times.
  • the customer buys a tangible product which has to be physically delivered to the customer's address.
  • the system can automatically obtain the customer's home address from a database associating a known customer identifier with an address.
  • a database associating a known customer identifier with an address.
  • white pages directories where the customer phone number (obtained from the customer's caller id, as mentioned hereinabove) is queried to find the customer's full name and address.
  • Another example is an existing billing database at the ISP associating the customer login or username with the customer's full name and address (normally maintained for sending invoices etc.).
  • Another example is an existing billing database at the telephone company, associating the telephone number with the required information.
  • a special non-revealing id can be issued to the transaction, which the merchant can send to, using a courier service (such as United Parcel Service (UPS), Federal Express (FedEx) or DHL).
  • the STSP will provide the association between the transaction ID and the customer's address to the courier service. For example, if the company name of the STSP is "Secure Transactions Ltd.”, the merchant will send a package via UPS bearing the address "Secure Transactions Ltd. 1952382". After identifying the address as a "Secure Transactions Ltd. anonymous address", UPS will ask the STSP for the customer's address matching the transaction ID "1952382", and will replace the address.
  • UPS United Parcel Service
  • FedEx Federal Express
  • the package bearing the transaction ID will be sent to the STSP, the STSP will find the customer's address and send the package to the customer's address.
  • the courier's cooperation is not required.
  • the merchant will send a package via UPS bearing the address "Secure Transactions Ltd. 1952382, Secure Transactions Ltd., 1 Main Street, AnyCity, AnyState".
  • the STSP will receive the package, find the customer's address, and re-send it to the customer (by any method).
  • the customer may be requested to enter a password at the stage of authorizing the transaction, as another measure of security.
  • This password could be defined by the customer once, or could be a piece of information already known to the ISP or STSP (e.g. all or part of the credit card number).
  • connection between the customer computer station and the ISP is not necessarily over telephone lines, but could be over cable TV lines or cellular telephones or any other suitable communication infrastructure.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé permettant des activités de détail sur un réseau longue distance, lequel comprend un poste informatique point de vente, un serveur de fournisseur de services de réseau exploité par un fournisseur de services de réseau, un poste informatique client utilisé par un client et connecté au réseau longue distance par l'intermédiaire du fournisseur de services de réseau, et un serveur de transactions ayant accès aux informations d'identification du fournisseur de services de réseau et au poste informatique point de vente. Ledit procédé consiste à connecter le poste informatique client au poste informatique point de vente, à faire acheter des marchandises par le client depuis le poste informatique point de vente, à faire valider l'achat par le serveur de transactions et le serveur du fournisseur de services de réseau, et à porter le montant de l'achat au débit du compte du client. Cette phase de débit consiste en une transaction au cours de laquelle un compte du client est débité du montant de la transaction au moyen du serveur du fournisseur de services de réseau et au cours de laquelle le montant de la transaction est crédité sur un compte du serveur du fournisseur de services de réseau au moyen du serveur de transactions. Le procédé de détail consiste également à fournir les marchandises au client et à remettre une partie du montant de la transaction à un vendeur exploitant le poste informatique point de vente.
EP00953416A 1999-08-16 2000-08-16 Procede permettant des activites de detail sur un reseau longue distance Withdrawn EP1756722A4 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37397399A 1999-08-16 1999-08-16
PCT/IL2000/000496 WO2001013289A2 (fr) 1999-08-16 2000-08-16 Procede permettant des activites de detail sur un reseau longue distance

Publications (2)

Publication Number Publication Date
EP1756722A2 EP1756722A2 (fr) 2007-02-28
EP1756722A4 true EP1756722A4 (fr) 2007-02-28

Family

ID=23474704

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00953416A Withdrawn EP1756722A4 (fr) 1999-08-16 2000-08-16 Procede permettant des activites de detail sur un reseau longue distance

Country Status (3)

Country Link
EP (1) EP1756722A4 (fr)
AU (1) AU6591500A (fr)
WO (1) WO2001013289A2 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001280058A1 (en) * 2000-08-11 2002-02-25 Cardis International Intertrust N.V System and method for micropayment in electronic commerce
CN100344094C (zh) 2004-09-01 2007-10-17 华为技术有限公司 IPv6网络中对多地址用户进行授权计费的实现方法

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0601500A1 (fr) * 1992-12-04 1994-06-15 Testdrive Corporation Transformation de données livrées
WO1997003410A1 (fr) * 1995-07-07 1997-01-30 Andrew Egendorf Procede de facturation sur internet
EP0765068A2 (fr) * 1995-09-22 1997-03-26 AT&T Corp. Système de facturation téléphonique pour services de données interactives et d'informations
WO1997029584A1 (fr) * 1996-02-09 1997-08-14 Telefonaktiebolaget Lm Ericsson (Publ) Facturation de services sur internet
WO1997040615A2 (fr) * 1996-04-22 1997-10-30 At & T Corp. Procede de facturation des transactions effectues sur internet
EP0811942A2 (fr) * 1996-06-07 1997-12-10 Cyber Media, Incorporated Mise à jour automatique de produits logiciels divers dans des systèmes ordinateurs à clients multiples
WO1998026555A1 (fr) * 1996-12-09 1998-06-18 Sun Microsystems, Inc. Procede et dispositif pour l'affectation de filtrage dynamique de paquets
US5790664A (en) * 1996-02-26 1998-08-04 Network Engineering Software, Inc. Automated system for management of licensed software
WO1998040992A2 (fr) * 1997-03-10 1998-09-17 Internet Dynamics, Inc. Procedes et appareil de controle d'acces a des informations
WO1999008218A1 (fr) * 1997-08-11 1999-02-18 Trivnet Ltd. Procede permettant des activites de detail sur un reseau longue distance
WO1999016201A2 (fr) * 1997-09-22 1999-04-01 Zak Sat General Trading Co. Wll Service internet utilisant des satellites asymetriques

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5754655A (en) * 1992-05-26 1998-05-19 Hughes; Thomas S. System for remote purchase payment and remote bill payment transactions
US5553143A (en) * 1994-02-04 1996-09-03 Novell, Inc. Method and apparatus for electronic licensing
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system
TW345642B (en) * 1995-11-21 1998-11-21 Oxford Media Pty Ltd Computer network value payment system
FI972718A0 (fi) * 1996-07-02 1997-06-24 More Magic Software Mms Oy Foerfaranden och arrangemang foer distribution av ett anvaendargraenssnitt
FI105249B (fi) * 1997-12-18 2000-06-30 More Magic Software Mms Oy Menetelmä ja järjestely informaation liittämiseksi verkkoresursseihin
US6009401A (en) * 1998-04-06 1999-12-28 Preview Systems, Inc. Relicensing of electronically purchased software

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0601500A1 (fr) * 1992-12-04 1994-06-15 Testdrive Corporation Transformation de données livrées
WO1997003410A1 (fr) * 1995-07-07 1997-01-30 Andrew Egendorf Procede de facturation sur internet
EP0765068A2 (fr) * 1995-09-22 1997-03-26 AT&T Corp. Système de facturation téléphonique pour services de données interactives et d'informations
WO1997029584A1 (fr) * 1996-02-09 1997-08-14 Telefonaktiebolaget Lm Ericsson (Publ) Facturation de services sur internet
US5790664A (en) * 1996-02-26 1998-08-04 Network Engineering Software, Inc. Automated system for management of licensed software
WO1997040615A2 (fr) * 1996-04-22 1997-10-30 At & T Corp. Procede de facturation des transactions effectues sur internet
EP0811942A2 (fr) * 1996-06-07 1997-12-10 Cyber Media, Incorporated Mise à jour automatique de produits logiciels divers dans des systèmes ordinateurs à clients multiples
WO1998026555A1 (fr) * 1996-12-09 1998-06-18 Sun Microsystems, Inc. Procede et dispositif pour l'affectation de filtrage dynamique de paquets
WO1998040992A2 (fr) * 1997-03-10 1998-09-17 Internet Dynamics, Inc. Procedes et appareil de controle d'acces a des informations
WO1999008218A1 (fr) * 1997-08-11 1999-02-18 Trivnet Ltd. Procede permettant des activites de detail sur un reseau longue distance
WO1999016201A2 (fr) * 1997-09-22 1999-04-01 Zak Sat General Trading Co. Wll Service internet utilisant des satellites asymetriques

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ROZENBLIT M ED - INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS: "SECURE SOFTWARE DISTRIBUTION", PROCEEDINGS OF THE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS). KISSIMMEE, FEB. 14 - 17, 1994, NEW YORK, IEEE, US, vol. VOL. 2 SYMP. 4, 14 February 1994 (1994-02-14), pages 486 - 496, XP000452345, ISBN: 0-7803-1812-9 *
See also references of WO0113289A3 *

Also Published As

Publication number Publication date
EP1756722A2 (fr) 2007-02-28
WO2001013289A2 (fr) 2001-02-22
AU6591500A (en) 2001-03-13
WO2001013289A3 (fr) 2001-06-07

Similar Documents

Publication Publication Date Title
EP1031106B1 (fr) Procede permettant des activites de detail sur un reseau longue distance
US11947607B2 (en) Methods and computer-readable media for enabling secure online transactions with simplified user experience
US9037514B2 (en) Authentication for service server in wireless internet and settlement using the same
US20040078325A1 (en) Managing activation/deactivation of transaction accounts enabling temporary use of those accounts
US8595815B2 (en) System and method for selectively granting access to digital content
EP1428185A1 (fr) Procede et element de reseau permettant le paiement par un terminal mobile, par l'intermediaire d'un reseau de communication
AU7402500A (en) Short message service (sms) e-commerce
WO2001082183A2 (fr) Masquage de donnees de facturation privees par attribution d'autres donnees de facturation pouvant etre utilisees pour des transactions commerciales avec des entreprises
KR20060022304A (ko) 휴대폰번호 또는 소정의 가상번호를 이용한 쌍방향금융결제 서비스 방법
EP1416456B1 (fr) Méthode pour maintenir des informations d'un compte prépayé et pour exécuter des transactions dans une système de commerce électronique
KR101122032B1 (ko) 전자거래를 수행하는 방법
JP2007058353A (ja) 電子商取引システム、決済方法、データベースの更新方法、決済代行プログラム、データベース更新プログラム
EP1014672A2 (fr) Dispositif pour la facturation ou autorisation de la facturation utilisant une carte téléphonique
WO2002071177A2 (fr) Procede et systeme de transactions electroniques sensiblement securisees
JP2002230458A (ja) オンラインショッピング決済方法及びそのシステム並びにオンラインショッピング決済プログラム
US20080028207A1 (en) Method & system for selectively granting access to digital content
WO2001013289A2 (fr) Procede permettant des activites de detail sur un reseau longue distance
US20060031168A1 (en) Method for access to multimedia content and a platform for implementation of the method
CA2349306C (fr) Methode et appareil d'execution de transactions automatisees
KR100377182B1 (ko) 전자상거래 서비스를 위한 전화요금결제 지불 게이트웨이장치와 그를 이용한 전화요금결제 지불 방법
KR20010092887A (ko) 인터넷상의 계좌 이체에 따른 수수료 대납 방법 및 시스템
CA2293832A1 (fr) Methode et systeme de protection des transactions de commerce electronique
CA2551179A1 (fr) Methode et appareil d'execution de transactions automatisees
AU6545499A (en) Arrangement for billing or billing authorization using a calling card

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020318

A4 Supplementary search report drawn up and despatched

Effective date: 20050729

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RIN1 Information on inventor provided before grant (corrected)

Inventor name: SHAKED, SHVAT

Inventor name: TAL, OR

Inventor name: WILF, SAAR

Inventor name: RUVIO, GUY

17Q First examination report despatched

Effective date: 20070814

RIN1 Information on inventor provided before grant (corrected)

Inventor name: SHAKED, SHVAT

Inventor name: TAL, OR

Inventor name: RUVIO, GUY

Inventor name: WILF, SAAR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110415