USRE40444E1 - Four-party credit/debit payment protocol - Google Patents

Four-party credit/debit payment protocol Download PDF

Info

Publication number
USRE40444E1
USRE40444E1 US10622058 US62205803A USRE40444E US RE40444 E1 USRE40444 E1 US RE40444E1 US 10622058 US10622058 US 10622058 US 62205803 A US62205803 A US 62205803A US RE40444 E USRE40444 E US RE40444E
Authority
US
Grant status
Grant
Patent type
Prior art keywords
merchant
consumer
computer
gateway
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active - Reinstated
Application number
US10622058
Inventor
Mark Linehan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PayPal Inc
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes involving intelligent token, e.g. electronic purse

Abstract

A method, system, program, and method of doing business are disclosed for electronic commerce that includes the feature of a “thin” consumer's wallet by providing issuers with an active role in each payment. This is achieved by adding an issuer gateway and moving the credit/debit card authorization function from the merchant to the issuer. This enables an issuer to independently choose alternate authentication mechanisms without changing the acquirer gateway. It also results in a significant reduction in complexity, thereby improving the ease of implementation and overall performance.

Description

This application is a reissue application for U.S. Pat. No. 6,327,578 issued Dec. 4, 2001 on U.S. Ser. No. 09/221,869 filed Dec. 29, 1998.

FIELD OF THE INVENTION

The invention disclosed broadly relates to computer networks and more particularly relates to electronic commerce.

BACKGROUND OF THE INVENTION

Electronic commerce is projected to grow at a high rate and this will have a significant impact on the financial industry. Estimates for 1998 are 700 million dollars worth of total revenues. Further growth promises $1 trillion by 2010. No financial institution will be left unaffected by the rapid growth of electronic commerce. One obstacle that can inhibit this growth, however, is the lack of secure electronic payments. Consumers and merchants are wary of transmitting their payment information over open networks such as the Internet and this caution affects the interest of merchants and financial institutions.

The technology of electronic commerce has adopted a number of terms that need to be defined in order to discuss the prior art and the invention. A short glossary of such terms follows.

    • Acquirer—The financial institution (or an agent of the financial institution) that receives from the merchant the financial data relating to a transaction authorizes the transaction, obtains the funds from the issuer, and pays those funds into a merchant financial account. The acquiring institution can act as its own merchant certificate authority (MCA) or can contract with a third party for service.
    • Authentication—In computer security, the process used to verify the identity of a user or the user's eligibility to access an object; verification that a message has not been altered or corrupted; a process used to verify the user of an information system or protected resources.
    • Authorization—In payment card systems, the process used to verify that a credit or debit account is valid and holds sufficient credit or funds to cover a particular payment. Authorization is performed before goods or services are provided, in order to ensure that the cardholder credit can support payment.
    • Browser—A computer program that allows a user to read hypertext messages such as HTML pages on the World Wide Web.
    • Capture—In payment card systems, the process used by a merchant to claim payment from an issuing bank via an acquiring bank. Capture is performed after goods and services are provided. Optionally, capture may be combined with authorization in the case where goods or services are provided at the time of authorization.
    • Cardholder—A person who has a valid payment card account and uses software that supports electronic commerce. Also known as shopper, online shopper, consumer, or buyer.
    • Certificate—A document issued by a trusted party that serves as physical evidence of the identity and privileges of the holder. Usually used as synonymous with an electronic certificate or digital certificate since an actual document is of little value in a world of electronic commerce.
    • Certificate authority (CA)—an organization that issues certificates. The CA responds to the actions of a Registration Authority (RA) and issues new certificates, manages existing certificates, renews existing certificates, and revokes certificates belonging to users who are no longer authorized to use them.
    • Certificate chain—a hierarchy of trusted digital certificates that can be “chained” or authenticated back to the “chain's” ultimate trust level—the top of the hierarchy called the “root certificate.”
    • Digital certificate—An electronic document digitally signed by a trusted party. The digital certificate binds a person's or entity's unique name to a public/private key pair.
    • Digital signature—Data that is appended to, or is a cryptographic transformation of, a data unit. Digital signature enables the recipient of the data unit to verify the source and integrity of the unit and to recognize potential forgery.
    • Digital wallet or Consumer wallet—Software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions. The consumer benefits because his or her payment information is handled securely and because some wallets will automatically input shipping information at the merchant's site and will give the consumer the option of paying by digital cash or check. Merchants benefit by receiving protection against fraud. The wallet is used to protect and store credit/debit information, protect the transmission of that information to only the people that are authorized to see it and to authenticate the cardholder.
    • Issuer—a financial institution that issues payment cards to individuals. An issuer can act as its own cardholder certificate authority (CCA) or can contract with a third party for the service.
    • Key pair—In computer security, a matched set of public and private keys. When used for encryption, the sender uses the public key half to encrypt the message, and the recipient uses the private key half to decrypt the message. When used for signing, the signer uses the private key half to sign a message, and the recipient uses the public key half to verify the signature.
    • Merchant server—a Web server that offers cataloged shopping services. The equivalent to a physical store.
    • Password—For computer or network security, a specific string of characters entered by a user and authenticated by the system in determining the user's privileges, if any, to access and manipulate the data and operations of the system.
    • Payment card—a credit card or debit card that is issued by a financial institution and shows a relationship between the cardholder and the financial institution.
    • Registration authority (RA)—An organization or person authorized or licensed to authenticate a certificate requestor's identity and the services that the requester is then authorized to use. The RA approves requests so that certificates can be issued, renewed, updated, or revoked by a CA. The RA is usually a credit officer of an issuing or acquiring bank and approves the certificate requests for its members.
    • Secure Sockets Layer—A security protocol that allows the client to authenticate the server and all data and requests to be encrypted. SSL offers a very limited trust model and a secure link between client and server.
    • Thin wallet—generally the digital wallet program resides on the user's PC, but a “thin” wallet places some of the wallet function on a server, thereby reducing the program size on the user's PC and enabling an easier modification of the wallet's features.
    • Trusted Root—the base or top level certificate that provides the basis for the trusted hierarchy.

The prior art SET Secure Electronic Transaction™ (trademark and service mark owned by SET Secure Electronic Transaction LLC) protocol has been developed as a method to secure bankcard transactions over public networks. SET is an open standard, multi-party protocol for conducting secure bankcard payments over the Internet. SET provides message integrity, authentication of all financial data, and encryption of sensitive data.

SET is a 3-party protocol involving a cardholding consumer, a merchant, and a payment gateway operating on behalf of the acquiring bank, as shown in FIG. 1. When a consumer is ready to buy something from a merchant on the internet using a credit or debit card, the consumer's computer 102 sends a consumer payment request over internet path 120 to the merchant's computer 104, in a first step. The merchant's computer 104 forwards the consumer's payment request over internet path 122 during a second step to an acquirer gateway 106 operating on behalf of the acquirer bank 108. The acquirer gateway 106 passes the consumer's payment request to the acquirer bank 108 over a private network path 122′. The acquirer bank 108 sends the consumer's payment request to the card issuing bank 112 over the private network path 124 to check whether the consumer's credit or debit card account is active and sufficient for the proposed transaction with the merchant. The issuing bank 112, as the card issuer, authorizes the transaction in a message sent over private path 126 to the acquiring bank 108. The acquiring bank 108 sends the transaction authorization over private path 128′ to the acquirer gateway 106, signing the message with the acquiring bank's digital signature. The acquirer gateway 106 forwards it over the internet path 128 to the merchant, authorizing the merchant to proceed with the transaction. Once the merchant has received the transaction authorization from the acquirer gateway 106, the merchant completes the sales transaction with the consumer. Then later, the merchant sends a message over internet path 142 to the acquirer gateway 106 to capture the transaction and get paid. The acquirer gateway then sends a payment message over path 144 to the merchant. The acquiring bank 108 may participate in some or all of the payment steps over private network paths 142′ and 144′. Then, at the end of the business day, the acquiring bank will settle accounts with the issuing bank 112 over the private network.

Some implementors of SET are providing “thin” wallets, where all or some of the wallet function are implemented in server systems rather than in consumer-controlled machines. Where the wallet servers are run by issuing banks, it would be desirable to have the wallet serves directly authorize transactions before they are submitted to merchants. This would save the time and complexity required when the merchants obtain authorization from issuers through the merchant's acquiring banks. It would also be desirable to expand the cardholder authentication methods supported by the SET protocol, to enable an issuer to independently choose alternate authentication mechanisms without changing the acquiring gateway. As with any system, it would also be desirable to simplify the SET protocol in order to enable its easier implementation and to improve its overall performance.

SUMMARY OF THE INVENTION

The invention disclosed herein is a method, system, program, and method of doing business for electronic commerce that expands the role of a “thin” consumer's wallet by providing issuers with an active role in each payment. This is achieved by adding an issuer gateway and moving the credit/debit card authorization function from the merchant to the issuer. This enables an issuer to independently choose alternate authentication mechanisms without changing the acquirer gateway. It also results in a significant reduction in complexity, thereby improving the ease of implementation and overall performance.

The method of the invention includes the step of sending from a consumer's computer a start message over an internet network to a merchant's computer. The merchant's computer then replies to the consumer's computer with a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank. The wallet initiation message includes a payment amount, an order description, a timestamp, and a nonce. This starts a consumer's wallet program in the consumer's computer in response to the wallet initiation message. The consumer's computer then sends over the internet network some consumer identity and authentication information, such as a userid and user password, plus the merchant message, to an issuer gateway operating on behalf of an issuing bank.

The issuer gateway verifies the merchants signature to prove that the consumer is dealing with the actual merchant and validates the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement. The issuer gateway then verifies that the consumer's account is active and has sufficient funds and/or credit to support the payment amount. The issuer gateway then pre-authorizes payment by sending over the internet network an authorization token, an issuer's digital certificate, the wallet initiation message, and a reference value representing the consumer's credit or debit card number. The authorization token includes the payment amount, order description, timestamp, a random nonce plus a merchant identifier and the reference to the consumer's credit or debit card number. The issuer gateway signs the authorization token. This information can be sent either to the consumer or to the merchant to fulfill the order description. If sent to the consumer, the consumer forwards the authorization token to the merchant. The merchant verifies the issuer's signature, issuer's digital certificate, and authorization token contents to validate that the payment is authorized by the issuer.

Once the merchant has received the authorization token from the issuer gateway, the merchant completes the sales transaction with the consumer. Then later, the merchant sends a message, including the reference value representing the consumer's card number, over the internet to an acquirer gateway operating on behalf of an acquirer bank, to capture the transaction and get paid. The acquiring bank will settle accounts with the issuing bank over a private network by sending a settlement message that includes the reference to the consumer's card number. The issuing bank will convert the reference value into the consumer's card number and apply the transaction amount to the consumer's balance in his credit card or deposit account.

If the transaction is later disputed, the merchant can prove that the issuer authorized the payment by producing a copy of the authorization token. The combination of the issuer's signature on the authorization token, the issuer's digital certificate, and the contents of the authorization token provide undeniable proof that the issuer authorized the payment.

If privacy is desired, the communication among the consumer wallet, issuer gateway, and merchant can be protected via the Secure Socket Layer (SSL) protocol.

SET was designed for both Web and email use. The start and wallet initiation messages described above would not be used in an email implementation, however, the rest of the invention would not change. The contents of the wallet initiation message in an email implementation comes from another source, such as a CD-ROM, in which case, it could not be signed.

In this manner, a “thin” wallet is enabled for the consumer in an electronic commerce protocol that is significantly simpler than the SET protocol, and that pre-authorizes payments thereby improving overall performance and enabling greater flexibility for issuer in the authentication of cardholders.

Another feature of the invention is providing a financial institution's digital certificate containing a network address or URL that identifies the network location of the financial institution contacted via an internet network as part of a payment protocol. This can be applied to both the issuing bank and the acquiring bank. Many other features of the invention are also disclosed.

DESCRIPTION OF THE FIGURES

FIG. 1 illustrates the prior art SET three-party protocol.

FIG. 2A illustrates the four-party protocol, in accordance with the invention.

FIG. 2B illustrates the route of the authorization token in the four-party protocol, in accordance with the invention.

FIG. 2C illustrates the use of a consumer's smart card in the four-party protocol, in accordance with the invention.

FIG. 3 is a flow diagram of the four-party protocol, in accordance with the invention.

FIG. 4 illustrates a variation in the four-party protocol, wherein the signed authorization token is sent directly to the merchant, in accordance with the invention.

FIG. 5 illustrates the four-party protocol as applied to a plurality of issuing banks, in accordance with the invention.

FIG. 6 illustrates the four-party protocol as applied to a plurality of issuing banks and a plurality of acquiring banks, in accordance with the invention.

FIG. 7 illustrates the issuer gateway processor, in accordance with the invention.

FIG. 8 is a flow diagram of the issuer gateway process in the four-party protocol, in accordance with the invention.

DISCUSSION OF THE PREFERRED EMBODIMENT

FIG. 2A illustrates the four-party protocol, in accordance with the invention. A principal feature of the invention is providing an issuer gateway and moving the credit/debit card authorization function from the merchant to the issuer thus enabling pre-authorization of payments. The four-party protocol method of the invention includes the step of sending from a consumer's computer 202 start message 220 over an internet network to a merchant's computer 204. The merchant's computer 204 then replies to the consumer's computer 202 with a merchant message 222 including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank 208. The wallet initiation message includes a payment amount, an order description, a timestamp, and a nonce. This starts a consumer's wallet program in the consumer's computer 202 in response to the wallet initiation message. The consumer's computer 202 then sends a message 224 over the internet network including some consumer identity and authentication information, such as a userid and user password, plus the merchant message, to an issuer gateway 214 operating on behalf of an issuing bank 212.

The acquiring bank's digital certificate can contain a network address or URL that identifies the network location of the acquiring bank contacted via an internet network as part of a payment protocol.

The issuer gateway 214 verifies the merchant's signature to prove that the consumer is dealing with the actual merchant and validates the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement. The issuer gateway 214 then verifies that the consumer's account is active and has sufficient funds and/or credit to support the payment amount. Then, as shown in FIG. 2B, the issuer gateway 214 then pre-authorizes payment by sending over the internet network an authorization token 254 over path 226, an issuer's digital certificate, the wallet initiation message, and a reference number or value 252′ representing the consumer's credit or debit card number. The reference number 252′ is created by the issuing bank 212, for example by preparing a table of credit card or debit card numbers 250 and a corresponding table of reference numbers 252. The issuing bank pairs the consumer's card number 250 with a selected reference number 252 and outputs the reference number over path 226′ to the issuer gateway 214. The issuer gateway then includes the reference number 252′ with the authorization token 254. The authorization token 254 includes the payment amount, order description, timestamp, a random nonce plus a merchant identifier and the reference number 252′ to the consumer's credit or debit card number. The issuer gateway 214 signs the authorization token 254 on behalf of the issuing bank 212. This information can be sent either to the consumer 202 over path 226 as shown in FIG. 2B, or directly to the merchant 204 over path 402 as shown in FIG. 4, to fulfill the order description. If sent to the consumer 202 in FIG. 2B, the consumer forwards the authorization token 254 to the merchant 204 over path 228, as shown in FIG. 2B, the merchant 204 verifies the issuer's signature, issuer's digital certificate, and authorization token contents to validate that the payment is authorized by the issuer 212.

The issuing bank's digital certificate can contain a network address or URL that identifies the network location of the issuing bank contacted via an internet network as part of a payment protocol.

Once the merchant 204 has received the authorization token 254 from the issuer gateway 214, the merchant 204 completes the sales transaction with the consumer 202. Then later, the merchant 204 sends a capture request message 256 over path 242, including the reference number 252′ representing the consumer's card number, over the internet to an acquirer gateway 206 operating on behalf of an acquirer bank 208, to capture the transaction and get paid. The acquiring bank 208 will settle accounts with the issuing bank 212 over a private network shown in FIG. 2B, by sending a settlement message 258 that includes the reference number 252′ to the consumer's card number. The issuing bank 212 will convert the reference number 252′ into the consumer's card number 250 and apply the transaction amount to the consumer's balance in his credit card or deposit account.

If the transaction is later disputed, the merchant 204 can prove that the issuer 212 authorized the payment by producing a copy of the authorization token 254. The combination of the issuer's signature on the authorization token, the issuer's digital certificate, and the contents of the authorization token provide undeniable proof that the issuer authorized the payment.

If privacy is desired, the communication among the consumer wallet, issuer gateway, and merchant can be protected via the Secure Socket Layer (SSL) protocol.

The invention can be applied to both the internet World Wide Web and to email use. The start message 220 and wallet initiation messages 222 described above would not be used in an email implementation, however, the rest of the invention would not change. The contents of the wallet initiation message in an email implementation comes from another source, such as a CD-ROM, in which case, it could not be signed.

In this manner, a “thin” wallet is enabled for the consumer in an electronic commerce protocol that is significantly simpler than the SET protocol, and that pre-authorizes payments, thereby improving overall performance and enabling greater flexibility for issuer in the authentication of cardholders.

FIG. 2C illustrates an example use of a consumer's smart card in the four-party protocol, in accordance with the invention. The smart card 262 owned by the consumer can be used to authenticate the consumer to the issuer gateway. When the consumer's computer 202 sends an attempt message 272 which attempts to connect with the issuer gateway 214, the issuer gateway responds to the consumer computer with a challenge message 274. The consumer computer 202 then passes the challenge on to the smart card reader 260, which passes it on as the challenge 274′ to the smart card 262. The smart card 262 then signs the challenge with its digital signature and returns the signed challenge response 276 to the consumer's computer 202. The consumer's computer 202 then combines the signed challenge response 276 with the merchant's initiation message 224 and sends it on to the issuer gateway. The issuer gateway 214 verifies the smart card's signature and thus verifies the consumer's identity.

The invention includes the use of a variety of methods to perform authentication of the consumer with the issuer gateway 214. Examples include a userid and a password, an ATM debit card number and PIN, a smart card's account number and a symmetric Message Authentication Code (MAC), a smart card's account number and asymmetric digital signature, a consumer's digital signature and digital certificate, a consumer's a user account number and a symmetric MAC or asymmetric digital signature , a user account number and an asymmetric digital signature, or a consumer's biometric signal. This wide choice of authentication methods between the consumer and the issuer gateway is possible because issuers have an active role in each payment. This enables an issuer to independently choose alternate authentication mechanisms without changing the acquirer gateway.

FIG. 3 is a flow diagram 300 of the four-party protocol, in accordance with the invention. It begins with step 302 where the consumer presses the “pay” button on the merchant's HTML internet browser page to send the start message to the merchant. Then in step 304, the merchant sends to the consumer the wallet initiation message with the payment amount, order description, timestamp, and nonce. The merchant signs the message and includes a digital certificate from the acquiring bank. Then in step 306, the consumer's wallet is started, the consumer logs on, and the user's identification and authentication information and the merchant's initiation message are sent to the issuer gateway. Then in step 308, the issuer gateway verifies the merchant's signature to prove that the consumer is dealing with the actual merchant and validates the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement. Then in step 310, the issuer gateway authorizes payment by sending over the internet network an authorization token, an issuer's digital certificate, the wallet initiation message, and a reference to the consumer's credit or debit card number. Then in step 312, the authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number are forwarded to the merchant. Then later in step 314, the merchant submits the authorization token in a capture request to the acquirer bank. Then in step 316, the acquirer bank settles with the issuer bank.

FIG. 4 illustrates a variation in the four-party protocol, wherein the signed authorization token is sent directly to the merchant on path 402 and the merchant sends a confirmation message 410 to the consumer.

FIG. 5 illustrates the four-party protocol as applied to a plurality of issuing banks, in accordance with the invention. Here a plurality of issuing banks 212A, 212B and 212C can communicate over private networks with a common issuer gateway 214.

FIG. 6 illustrates the four-party protocol as applied to a plurality of issuing banks and a plurality of acquiring banks. Here a plurality of issuing banks 212A, 212B and 212C can communicate over private networks with a common issuer gateway 214 and a plurality of acquiring banks 208A, 208B, and 208C can communicate over private networks with a common acquirer gateway 206.

FIG. 7 illustrates the issuer gateway processor, in accordance with the invention. theThe processor 700 includes a memory 702, a bus 704, a CPU processor 708, and an issuer gateway transaction manager base switch 770. The base switch 770 includes a front-end that includes a front-end local server 774, a front-end HTTP server 776, and a front-end TCP server 778. The base switch 770 includes a back-end that includes a back-end UNIX client 780, a back-end TCP/IP client 782, and a back-end LU6.2 client 784. A route 772 connects the front-end to the back-end. The front-end is connected to consumers 202 and the back-end is connected to issuers 212. The memory 702 includes issuer “A” interface buffers 730, issuer “B” interface buffers 740, the four-party credit/debit payment protocol program 750, front-end server communication protocols 752, back-end client communication protocols 754, and the operating system 756. The programs stored in the memory 702 are sequences of executable instructions which when executed in the CPU 708 perform the methods of the invention.

FIG. 8 is a flow diagram 800 of the issuer gateway process in the four-party protocol, in accordance with the invention. In step 802, the issuer gateway receives the consumer's payment request. Then step 804 authenticates the message using the consumer's authentication information. Then step 806 authenticates the merchant's wallet initiation message using the merchant's public key and digital certificate. Then step 808 confirms that the consumer's credit or deposit is sufficient for the transaction. Then step 810 accesses from the issuer a consumer reference number corresponding to the credit consumer's card number. Then step 812 generates an authorization token signed with the issuer's signature using a private key and digital certificate. Then step 814 sends to the consumer's wallet the signed authorization token and the issuer's certificate, with the wallet initiation message and the consumer's card reference number. Then step 816 sends a confirmation to the issuer.

The resulting invention has many advantages. It fits well with server-based (thin) wallets (which would operate in the issuer gateways). It separates the authentication technology used between the consumer and issuing bank from the remainder of the payment protocol. It permits each issuing bank to determine how it will authenticate its consumers (e.g. userid/password, symmetric or asymmetric keys with or without digital certificates or smart cards, other security hardware). It avoids the use of digital certificates for consumers. It pre-authorizes payments, eliminating the cost and delay of real-time authorization through the private network between the acquirer and the issuer. It reduces overhead for merchant and payment gateway, since payments are authorized before they reach the merchant, and since much less cryptography is required. It provides protection for the credit or debit card number, without using encryption. It complies with U.S. export laws and foreign cryptography usage laws by not using any encryption. It has potential for lower development and testing costs (compare to SET) because of a simpler design. Examples of the simpler design include avoidance of encryption; elimination of the requirement for consumer certificates; and avoiding any requirement for the consumer wallet to validate certificates, generate digital signatures, or verify digital signatures. The invention supports Japanese Payment Options and other issuer-based payment features in a manner simpler than SET.

A more detailed discussion of the protocol steps follows:

1. In FIG. 2A, path 220, the Consumer uses a browser to shop at a merchant WWW site. Consumer presses a “pay” button on merchant's HTML page, or otherwise indicates consumer is ready to make a payment.

II. In FIG. 2A, path 222, the Merchant sends a wallet initiation message to the consumer, containing payment amount, order description, timestamp, a random nonce, and possible additional data depending upon requirements. The merchant signs this initiation message and includes a digital certificate provided by the acquiring bank.

3. In FIG. 2A, path 224, the Wallet initiation message causes consumer's browser to start consumer's wallet. Consumer is prompted to logon to the wallet using userid/password, smartcard, or other appropriate authentication mechanism. Wallet sends data from step 1, plus consumer's identity and authentication data to the issuer gateway.

4. In FIG. 2A, path 226, the Issuer gateway verifies the merchant's signature and digital certificate to validate that the merchant and issuer share a common financial arrangement established by national law or a financial association such as MasterCard, Visa, an ATM network, or similar organization. Issuer gateway authorizes payment via issuer's card processing system. Issuer gateway generates and sends a signed authorization token to the consumer wallet, along with the issuer gateway's certificate. The authorization token contains the data from step 1 plus a merchant identifier and a reference to the consumer's credit card number. The “reference” is discussed below in more detail.

Note that the authorization token is “bound” to the particular payment by the reference to the consumer's credit card number, merchant identifier, payment amount, timestamp, and nonce. This means that a specific authorization token is good for just one payment.

5. In FIG. 2A, path 228, the consumer's wallet forwards the authorization token to the merchant, which can verify both the issuer gateway's signature and the data in the authorization token. No separate realtime authorization is required since the payment is “pre-authorized” before it reaches the merchant.

6. In FIG. 2A, path 242, at some later time, the merchant submits the authorization token in a capture request to the acquirer's payment gateway. The capture request tells the acquirer to actually post the charge to the consumer's credit or debit account. Confidentiality of these messages can be obtained, if desired, by transmitting them within SSL sessions. The integrity and authenticity of the messages does not depend upon SSL so that the messages can be used both to authorize ongoing processing steps, and to provide proof that the transactions occurred.

Note that the consumer wallet software necessarily provides very little function in this design. Most of the payment protocol function is performed in the issue gateway. At minimum, the wallet provides some method of authenticating the consumer to the issuer gateway, as discussed below. If consumer wallets are shared among issuers, then the authentication scheme must be shared, but the authentication data (e.g. smart card) could be different for each issuer. If consumer wallets are not shared among multiple issuers, as shown in FIG. 5, then the authentication mechanism (smart card, userid/password) could be different for each issuer.

The consumer wallet must provide payment request timeout and retry functions. Most other functions can be placed in either the consumer wallet or the issuer gateway. These include most of the user interface, the payment inquiry function, the payment transaction log, support for multiple consumer cards, and support for payment selection. Implementing these functions at the consumer machine would result in a “fat” wallet; implementing them in the issuer gateway would result in a “thin” wallet.

Message processing functions (parsing and checking incoming messages, generating complex outgoing messages) are much simpler than in SET, since no encryption is used; the wallet need not examine the merchant's data in step 1 and the authorization token from step 2; and the wallet neither generates nor verifies signatures.

The merchant, acquirer gateway, and issuer gateway should implement replay detection both to handle error retries and to defined against malicious replay attacks.

Reference to Credit/Debit Card Number

At step 4, the issuer gateway includes a “reference” to the consumers card number in the authorization token. If the actual card number were used, the authorization token—or at least the card number—would have to be encrypted in steps 3, 4, and 5. Instead, the 4-party protocol uses a “reference”, which can be composed in either of the following ways:

    • a. The reference is an “alias card number”, meaning a secondary account number that is mapped at the issuing bank to the real card number. This is similar to an approach discussed (and rejected) during the SET design, and actually used in the X9.59 ANSI draft. The alias card number is only used for Internet-based transactions that are accompanied by an authorization token. A stolen alias card number has no use without an authorization token, so it does not entail any risk to real-world credit cards.
    • b. The reference is an authorization number allocated uniquely by the issuer gateway for each authorization. This authorization number is passed by the acquirer gateway back to the issuing bank in the capture message. The issuing bank maintains a database mapping authorization numbers to card numbers. When the issuing bank receives the capture message, it uses this database mapping to determine the actual card number.

To support this design, the authorization token would include a dummy card number for use in routing the payment to the appropriate issuer. This dummy card number could be shared among all cardholders using this 4-party protocol. Either of these alternatives can support interfacing to the existing capture networks that interconnect acquiring and issuing banks.

Certificate Hierarchy

The 4-party protocol is supported by a certificate hierarchy that covers issuing banks, acquiring banks, and merchants. The certificate hierarchy is used with standard asymmetric (public-key) digital signatures to identify the protocol participants to each other. The certificates represent the common financial agreements and obligations among these parties. In particular, the issuing bank certificates identify and help authenticate issuing banks to merchants, providing a basis for the merchants to trust the authorization tokens provided by the issuing banks. The acquiring bank and merchant certificates identify and help authenticate the corresponding participants to issuing banks. This serves several purposes: (a) identifies the merchant to the consumer; (b) verifies that the merchant is a valid participant of the payment scheme before the issuing bank provides an authentication token; (c) helps deter some forms of attack on issuing banks by requiring participation of both a consumer and merchant in an attack. The certificate hierarchy is illustrated in the following Table I:

TABLE 1
Certificate Type Purpose Issuing Party Relying Parties
Root Provide trust base Root (self) All
for entire protocol
Issuing bank Identify & help Root Merchant,
authenticate valid Acquiring
issuing banks to bank
merchants.
Acquiring bank Identity and help Root Issuing bank,
authenticate valid consumer
acquires to issuing
banks and
consumers.
Merchant Identify and help Acquiring Issuing bank,
authenticate valid Bank consumer
merchants to issuing
banks and
consumers.

Consumer certificates are not required, since the consumer authenticates to the consumer's own issuing bank. The consumer and bank have a long-term established relationship, so the bank can keep a data base containing the symmetric or asymmetric key required to authenticate the consumer.

X.509 or other established digital certificate formats are used. Each certificate identifies the certificate owner by name, physical address, network address, and so forth. In particular, the issuing gateway's certificate should contain the issuing gateway's network address to support split, recurring, and installment payments as described below. The merchant's certificate should contain the merchant's name, address, and contact information to assist in dispute resolution. The merchant's certificate should identify the acquiring bank that holds the merchant's business account used to settle payments.

The certificate hierarchy must be rooted by an authority jointly trusted by the banks. The root could be run by individual credit or debit brand associations, such as MasterCard, Visa, or the ATM network associations, by a national regulator such as the Federal Reserve, or by an international organization such as the WTO or World Bank. The choice of who runs the root is associated with the question of who establishes and enforces the business and regulatory arrangements between the issuing and acquiring banks. If national or international commercial laws define these arrangements (as with paper checks), then a public organization would be appropriate. If private bilateral or multi-lateral banking contracts define these arrangements, then financial associations (such as MasterCard or Visa) might operate the root. The organization of the certificate hierarchy should reflect the business arrangements. Possible arrangements could include separate hierarchies for separate countries or financial associations (e.g. one hierarchy for Visa, and another for MasterCard); a shared hierarchy as with SET (e.g. an industry root that grants certificates to sub-trees for financial associations or countries); or other variations.

Consumer Authentication

An advantage of this design is the fact that the issuing bank can choose the technology used to authenticate the consumer to the issuer gateway. Possibilities include many standard techniques common in the industry:

    • Userid and password, for example as provided by basic authentication in standard WWW browsers.
    • Account number and ATM PIN.
    • Software- or smart card-based symmetric or asymmetric authentication, where the issuer gateway obtains matching key verification information from a database.
    • Asymmetric authentication using digital certificates, for example using SSL v3 as implemented in WWW browsers. This could be implemented using either software or smart cards.
    • Proprietary hardware tokens.
    • Biometrics.

End-user authentication involves a complex trade-off between cost, security, risks, portability and end-user convenience. Furthermore, the trade-offs change over time as new user authentication technology is invented. Unlike SET, the 4-party protocol design allows individual issuing banks to make their own choices for their customers, independently of the digital certificate technology used to authenticate merchants to issuers, and banks to each other.

Split Shipments, Recurring Payments, and Installment Payments

SET provides the following features:

    • Split shipments support merchants who must back-order merchandise.
    • The merchant can divide a payment into two or more portions that are separately authorized and settled, without consumer interaction.
    • Recurring payments support merchandising schemes such as monthly newspaper subscriptions. The merchant can authorize and capture payments on a regular schedule, given initial consumer approval and without further consumer involvement.
    • Installment payments permit consumers and merchants to stretch a payment over time. At the time of a purchase the consumer and merchant agree to a particular schedule and the merchant or acquiring bank then automatically authorize and capture payments according to the schedule.

Split shipments are supported in the 4-party protocol by an additional message interaction between the merchant and issuer gateway, as shown in FIG. 4. When the merchant discovers that it needs to split a shipment, it sends the authorization token from step 3 to the issuer gateway identified in the issuer's digital certificate. This is a message merchant request message on path 402 of FIG. 4. The merchant includes the details of the split requirement, such as the amount of the first payment. The merchant authenticates the request by signing it and including the merchant's digital certificate. The issuer gateway can verify that the merchant signing message is the same merchant that signed the merchant request message. The issuer gateway verifies the split request according to its business and risk management policies, and responds with a new authorization token in a message on path 402 of FIG. 4. Consumer confirmation of split shipments is sent on pad 410 in step S. In step 6, the merchant forwards the new authorization token in the capture message on path 242 of FIG. 4 to the acquirer gateway. This message is the same message as in the basic protocol design. The merchant resubmits the new authorization token in a second message on path 242 of FIG. 4, whenever the merchant has shipped the second part of the shipment. If the merchant needs to further split the shipment, then messages on paths 402 and 242 of FIG. 4 can be repeated as needed.

The 4-party protocol can support recurring and installment features by a combination of additional information in the authorization token, and messages on paths 402 and 242 of FIG. 4. Specifically, the steps of the basic protocol are modified as follows:

    • 1. The wallet initiation message contains additional parameters that identify the terms of any recurring or installment payment agreed between the merchant and consumer.
    • 2. The wallet should display these terms to ensure consumer awareness and agreement. The wallet forwards the additional parameters to the issuer gateway.
    • 3. Issuer gateway verifies that the recurring or installment terms are acceptable according to the issuer's business and risk management policies. The issuer gateway includes the terms as additional parameters in the authorization token.
    • 4. The consumer's wallet forwards the authorization token (with additional parameters) to the merchant as in the basic protocol, in the message on path 228 of FIG. 2A.
    • 5. The capture of the first installment or recurring payment occurs as with the basic protocol, in the message on path 242 of FIG. 2A.
    • 6. The merchant authorizes the second and subsequent installment or recurring payments by sending the message on path 402 of FIG. 4 to the issuer gateway. The additional parameters in the authorization token allow the issuer gateway to recognize and appropriately handle these special payment types. The issuer gateway returns a new authorization token in another message on path 402 prime of FIG. 4 that can be used both for captures (in a message on path 242 of FIG. 4) and further authorization by repeating messages on path 402 of FIG. 4 as required.
Japanese Payment Options

SET supports a special business arrangement that is common in Japan. Issuing banks and merchants attract customers and business by offering installment and other payment arrangements that are managed by the banks rather than the merchants. This involves a very complex protocol among all the SET participants.

The 4-party protocol facilitates this feature because the consumer wallet and issuer gateway directly interact. Specifically, at step 4 of the protocol on path 226 of FIG. 2A, the issuer could offer special payment arrangements to the consumer. These arrangements could be conditioned on the merchant name (from the merchant's digital certificate), the amount of payment (from the initiation message), or other data supplied by the merchant in the initiation message. The remaining steps of the 4-party protocol can operate unchanged from the base design. This considerably simplifies the JPO protocol support (compared to SET), while providing an opportunity for issuers to differentiate themselves and attract consumer business.

Protocol Flow Variation

Many variations of this 4-party design are possible. A principle one is shown in FIG. 4. This variation has the same four steps as the basic design, but the authorization token is sent directly from the issuer gateway to the merchant. Specifically:

    • 1. In FIG. 4, path 220, the Consumer uses a browser to shop at a merchant WWW site. Consumer presses a “pay” button on merchant's HTML page, or otherwise indicates consumer is ready to make a payment.
    • 2. In step 2, the Merchant sends a wallet initiation message on path 222to the consumer, containing payment amount, order description, timestamp, a random nonce, and possible additional data depending upon requirements. The merchant signs this initiation message and includes a digital certificate provided by the acquiring bank.
    • 33.3. In FIG. 4, path 224, the Wallet initiation message causes consumer's browser to start consumer's wallet. Consumer is prompted to logon to the wallet using userid/password, smartcard, or other appropriate authentication mechanism. Wallet sends data from step 1, plus consumer's identity and authentication data to the issuer gateway.
    • 4. In FIG. 4, path 402, the issuer gateway verifies the merchant's signature and digital certificate to validate that the merchant and issuer share a common financial arrangement established by national law or a financial association such as MasterCard, Visa, an ATM network, or similar organization. Issuer gateway authorizes payment via issuer's credit card processing system. Issuer gateway generates and sends a signed authorization token directly to the merchant, along with the issuer gateway's certificate. The authorization token contains the data from step 1 plus a merchant identifier and a reference to the consumer's credit card number, as with the base protocol.

Note that the authorization token is “bound” to the particular payment by the reference to the consumer's credit card number, merchant identifier, payment amount, timestamp, and nonce. This means that a specific authorization token is good for just one payment.

    • 5. In FIG. 4, path 402, the merchant verifies both the issuer gateway's signature and the data in the authorization token. No separate realtime authorization is required since the payment is “pre-authorized” before it reaches the merchant. Merchant sends acknowledgement back to issuer gateway.
    • 5 6. In FIG. 4, path 224, the Issuer gateway sends acknowledgement back to the consumer wallet, which terminates so that normal browsing can proceed.
    • 6 7. In FIG. 4, path 242, at some later time, the merchant submits the authorization token in a capture request to the acquirer's payment gateway. The capture request tells the acquirer to actually post the charge to the consumer's credit or debit account.

The difference between this and the base design is that the issuer gateway sends the authorization token directly to the merchant, instead of relaying it through the consumer wallet. The primary advantage of this design is that it matches a “thin” wallet design by moving responsibility for error recovery to the issuer gateway. The disadvantage is that the consumer wallet (and hence the consumer) has less opportunity to be aware of the progress of the payment.

The principle of operation of the invention applies to both non-interactive internet communications such as email, as well as to interactive applications such as the World Wide Web. The method of the invention includes the step of sending from a consumer's computer to an issuer gateway for an issuing bank, an authorization request message containing consumer identity and authentication information, payment amount, an order description, a timestamp, a digital certificate representing a merchant, and a digital certificate representing the merchants acquiring bank. Then the method continues with the merchant's digital certificate containing a merchant identifier unique for the acquiring bank. Then the method continues with the acquiring bank's digital certificate containing a bank identifier unique among all banks sharing a common financial arrangement. Then the method continues with the step of validating at the issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant, acquirer, and issuer share a common financial arrangement. Then the method continues with the step of the issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over the internet network an authorization token, an issuer's digital certificate, and a reference to the consumer's credit or debit card number. Then the method continues with the authorization token including the payment amount, order description, timestamp, a random nonce, the merchant identifier from the merchant's digital certificate, and the acquiring bank identifier from the acquiring bank's digital certificate, plus a reference to the consumer's credit or debit card number. Then the method continues with the authorization token being digitally signed by the issuing bank. Then the method continues with the step of merchant's computer receiving the authorization token and fulfilling the order description.

The method can include the feature of sending from a merchant's computer over an internet network to a consumer's computer, a merchant message including a wallet initiation message, a merchant digital certificate, and a digital certificate from an acquiring bank, the wallet initiation message including a payment amount, an order description, and a timestamp. Then the method starts a consumer's wallet program in the consumer's computer in response to the wallet initiation message. Then the consumer's wallet program sends the authorization request message.

The method can include the feature of including with the wallet initiation message a merchant's digital signature of the wallet initiation message, including the wallet initiation message and the merchant's digital signature in the authorization request message, and verifying at the issuer gateway the merchant's signature to prove that the consumer is dealing with the actual merchant.

The merchant's computer can perform the steps of receiving the authorization token, verifying the issuer's signature, digital certificate, the payment amount and merchant identity in the authorization token, verifying the freshness of the authorization token via the timestamp in the token, using the nonce in the authorization token to recognize duplicate tokens, and fulfilling the order description.

The merchant can claim payment through the acquiring bank by forwarding the customer reference number and payment amount to the acquiring bank. In the case of a subsequent dispute, the merchant proves payment authorization by submitting a copy of the authorization token and issuer's digital certificate to the acquiring bank. The acquiring bank verifies the issuer's signature on the authorization token, validates the issuer's digital certificate, checks for duplicates via the timestamp in the authorization token, and then the acquiring bank pays the amount indicated in the authorization token.

The authorization request message and authorization token can include a hash of an order description instead of the actual order description, the order description itself being available separately at the merchant, the merchant validating that the authorization token refers to the same order description by comparing the hash of the order description in the authorization token against a locally-computed hash of the same order description.

Although specific embodiments of the invention have been disclosed, it will be understood by those skilled in the art that changes can be made to those specific embodiments without departing from the spirit and the scope of the invention.

Claims (85)

1. A method for electronic commerce, comprising:
forming a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
sending from a merchant's computer over an internet network to a consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
sending from said consumer's computer consumer identity and authentication information and said merchant message, to an issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by repairing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
verifying at said issuer gateway said merchant's signature to prove that the consumer is dealing with the actual merchant and validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that at least one of funds and/or and credit are available to support the payment amount, then authorizing payment by sending to the consumer over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number; and
said merchant's computer receiving said authorization token and fulfilling said order description.
2. The method for electronic commerce of claim 1, which further comprises:
sending from said consumer's computer a start message over the internet network to the merchants computer, to initiate said merchant's message.
3. The method for electronic commerce of claim 1, wherein said wallet initiation message includes a nonce.
4. The method for electronic commerce of claim 1, wherein said merchant's computer further performs the steps comprising:
receiving said authorization token;
verifying the issuer's signature, digital certificate, the payment amount and merchant identity in the authorization token;
verifying the freshness of the authorization token via the timestamp in the token;
using the nonce in the authorization token to recognize duplicate tokens; and
fulfilling said order description.
5. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a userid and a password.
6. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is an ATM debit card number and PIN.
7. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a smart card's account number and a symmetric Message Authentication Code (MAC).
8. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a smart card's account number and an asymmetric digital signature.
9. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a consumer's digital signature and digital certificate.
10. The method for electronic commerce of claim 1, wherein said authorization token includes a dummy card number for use in routing payment to an appropriate one of a plurality of issuing banks;
said dummy card number being shared among all cardholders of a particular issuing bank.
11. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a consumer's digital certificate and matching asymmetric digital signature.
12. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a is a user account number and a symmetric MAC or asymmetric digital signature.
13. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a is a user account number and an asymmetric digital signature.
14. The method for electronic commerce of claim 1, wherein said consumer identity information is a consumer's biometric signal.
15. The method for electronic commerce of claim 1, wherein said issuer gateway sends said authorization token to said consumer, and the consumer forwards said authorization token to said merchant.
16. The method for electronic commerce of claim 1, wherein said issuer gateway sends said authorization token directly to said merchant.
17. The method for electronic commerce of claim 1, wherein said reference to said credit card is an alias card number that is mapped at the issuing bank to the real card number, thereby preventing use of the consumer's credit card number without said authorization token.
18. The method for electronic commerce of claim 1, wherein said reference to said card is an authorization number allocated uniquely by the issuer gateway for each authorization, enabling it to be passed by an acquirer gateway back to the issuing bank in a capture message;
said issuing bank maintaining a database mapping authorization numbers to card numbers, so that when the issuing bank receives the capture message, it uses the database mapping to determine the consumer's card number.
19. The method for electronic commerce of claim 1, which further comprises:
a digital certificate hierarchy that covers issuing banks, acquiring banks, and merchants.
20. The method for electronic commerce of claim 19, wherein said certificate hierarchy is used with public-key digital signatures to identify said merchant and said issuing bank.
21. The method for electronic commerce of claim 20, wherein said certificates represent common financial agreements and obligations among said merchant and said issuing bank.
22. The method for electronic commerce of claim 21, wherein the issuing bank certificates identify and help authenticate issuing banks to merchants, providing a basis for the merchants to trust the authorization tokens provided by the issuing banks.
23. The method for electronic commerce of claim 22, wherein an acquiring bank certificate and a merchant certificate identify and help authenticate said acquiring bank and said merchant to issuing banks;
said merchant certificate identifying the merchant to the consumer and verifying that the merchant is a valid participant of a payment scheme, before the issuing bank provides said authorization token.
24. The method for electronic commerce of claim 1, wherein split shipments are supported by an additional message interaction between the merchant and issuer gateway, comprising:
the merchant sending the authorization token to the issuer gateway identified in the issuer's digital certificate, including details of a split requirement, such as the amount of a first payment, the merchant authenticating the request by signing it and including the merchant's digital certificate;
the issuer gateway verifying that the merchant signing message is the same merchant that signed an original request, verifying the split request according to business and risk management policies, and responding with a new authorization token in a message to the merchant;
the merchant forwarding the new authorization token in a capture message the acquirer gateway;
the merchant resubmitting the new authorization token to the acquirer gateway m in a second message, whenever the merchant has shipped a second part of the shipment.
25. The method for electronic commerce of claim 1, comprising:
the issuer offering the consumer a payment schedule conditioned on the merchant name from the merchant's digital certificate and the amount of payment from the initiation message.
26. The method of claim 1 further comprising:
sending a capture request message including the reference number representing the consumer's card number over the internet from the merchant to an acquirer gateway operating on behalf of an acquirer bank to capture the transaction and disburse payment to the merchant.
27. The method of claim 1 further comprising the step of:
settling accounts with the issuing bank by the acquiring bank over a private network by sending a settlement message that includes the reference number to the consumer's card number.
28. The method of claim 1 further comprising the step of
converting the reference number into the consumer's card number by the issuing bank and applying the transaction amount to the consumer's balance in his credit card or deposit account.
29. The method of claim 1 further comprising the step of:
proving that the issuing bank authorized the payment to the merchant by the combination of the issuing bank's signature on the authorization token, digital certificate, and the contents of the authorization token, providing undeniable proof that the issuing bank authorized the payment.
30. A system for electronic commerce, comprising:
connecting apparatus which forms a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
the merchant's computer sending over an internet network to the consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
the consumer's wallet program in said consumer's computer responsive to said wallet initiation message, for sending from said consumer's computer consumer identity and authentication information and said merchant message, to the issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
the issuer gateway verifying said merchant's signature to prove that the consumer is dealing with the actual merchant and validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description; and
said merchant sending a capture request message including the reference number representing the consumer's card number over the internet to an acquirer gateway operating on behalf of an acquirer bank to capture the transaction and disburse payment to the merchant.
31. A computer program product, comprising:
computer program code forming a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
computer program code means for sending from the merchant's computer over an internet network to the consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
computer program code means for starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
computer program code means for sending from said consumer's computer consumer identity and authentication information and said merchant message, to the issuer gateway for an issuing bank;
computer program code at the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
computer program code verifying at said issuer gateway said merchant's signature to prove that the consumer is dealing with the actual merchant and validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description; and
computer program code at the acquiring bank settling accounts with the issuing bank over a private network by sending a settlement message that includes the reference number to the consumer's card number.
32. A data processing system for electronic commerce, comprising: connecting apparatus which forms a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
sending apparatus which sends from a merchant's computer over an internet network to a consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
means for starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
means for sending from said consumer's computer consumer identity and authentication information and said merchant message, to an issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
means for verifying at said issuer gateway said merchant's signature to prove that the consumer is dealing with the actual merchant and validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that finds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description; and
the issuing bank converting the reference number into the consumer's card number and applying the transaction amount to the consumer's balance in his credit card or deposit account.
33. The data processing system for electronic commerce of claim 32, which further comprises:
means for sending from said consumer's computer a start message over the internet network to the merchant's computer, to initiate said merchant's message.
34. The data processing system for electronic commerce of claim 32, wherein said wallet initiation message includes a nonce.
35. The data processing system for electronic commerce of claim 32, wherein said merchant's computer further comprises:
means for receiving said authorization token;
means for verifying the issuer's signature, digital certificate, the payment amount and merchant identity in the authorization token;
means for verifying the freshness of the authorization token via the timestamp in the token;
means for using the nonce in the authorization token to recognize duplicate tokens; and
means for fulfilling said order description.
36. The data processing system for electronic commerce of claim 32, wherein said reference to said credit card is a consumer credit or debit account number.
37. A method for electronic commerce, comprising:
forming a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
sending from a merchant's computer over an internet network to a consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
said acquiring bank's digital certificate containing a network address or URL that identifies the network location of said acquiring bank contacted via an internet network as part of a payment protocol;
starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
sending from said consumer's computer consumer identity and authentication information and said merchant message, to an issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
verifying at said issuer gateway said merchant's signature to prove that the consumer is dealing with the actual merchant and validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said issuer's digital certificate containing a network address or URL that identifies the network location of the issuer contacted via an internet network as part of a payment protocol;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description;
said merchant sending a capture request message including the reference number representing the consumer's card number over the internet to an acquirer gateway operating on behalf of an acquirer bank to capture the transaction and disburse payment to the merchant;
the acquiring bank settling accounts with the issuing bank over a private network by sending a settlement message that includes the reference number to the consumer's card number; and
the issuing bank converting the reference number into the consumer's card number and applying the transaction amount to the consumer's balance in his credit card or deposit account.
38. A method for electronic commerce, comprising:
forming a four party payment protocol for electronic sales including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
sending from the consumer's computer consumer to an issuer gateway for an issuing bank, an authorization request message containing consumer identity and authentication information, payment amount, an order description, a timestamp, a digital certificate representing a merchant, and a digital certificate representing the merchant's acquiring bank;
said merchant's digital certificate containing a merchant identifier unique for the acquiring bank;
said acquiring bank's digital certificate containing a bank identifier unique among all banks sharing a common financial arrangement;
validating at said issuer gateway the merchant's certificate and the acquirer's certificate to prove that the merchant, acquirer, and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce, said merchant identifier from the merchant's digital certificate, and said acquiring bank identifier from said acquiring bank's digital certificate, plus a reference to the consumer's credit or debit card number;
said authorization token being digitally signed by the issuing bank;
said merchant's computer receiving said authorization token and fulfilling said order description
said merchant sending a capture request message including the reference number representing the consumer's card number over the internet to an acquirer gateway operating on behalf of an acquirer bank to capture the transaction and disburse payment to the merchant;
the acquiring bank settling accounts with the issuing bank over a private network by sending a settlement message that includes the reference number to the consumer's card number; and
the issuing bank converting the reference number into the consumer's card number and applying the transaction amount to the consumer's balance in his credit card or deposit account.
39. The method for electronic commerce of claim 38, which further comprises:
sending from a merchant's computer over an internet network to a consumer's computer, a merchant message including a wallet initiation message, a merchant digital signature, and a digital certificate from an acquiring bank, said wallet initiation message including a payment amount, an order description, and a timestamp;
starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
said consumer's wallet program sending the authorization request message.
40. The method for electronic commerce of claim 39, which further comprises:
including with the wallet initiation message a merchant's digital signature of the wallet initiation message;
including the wallet initiation message and said merchant's digital signature in the authorization request message;
verifying at said issuer gateway said merchant's signature to prove that the consumer is dealing with the actual merchant.
41. The method for electronic commerce of claim 40, which further comprises:
sending from said consumer's computer a start message over the internet network to the merchant's computer, to initiate said merchant's message.
42. The method for electronic commerce of claim 40, wherein said wallet initiation message includes a nonce.
43. The method for electronic commerce of claim 40, wherein said merchant's computer further performs the steps comprising:
receiving said authorization token;
verifying the issuer's signature, digital certificate, the payment amount and merchant identity in the authorization token;
verifying the freshness of the authorization token via the timestamp in the token;
using the nonce in the authorization token to recognize duplicate tokens; and
fulfilling said order description.
44. The method for electronic commerce of claim 38, wherein the merchant claims payment through the acquiring bank by forwarding the customer reference number and payment amount to the acquiring bank.
45. The method for electronic commerce of claim 44, wherein the case of a subsequent dispute, the merchant proves payment authorization by submitting a copy of the authorization token and issuer's digital certificate to the acquiring bank.
46. The method for electronic commerce of claim 38, wherein the merchant claims payment through the acquiring bank by forwarding the authorization token and issuer's digital certificate to the acquiring bank;
the acquiring bank verifying the issuer's signature on the authorization token, validating the issuer's digital certificate, checking for duplicates via the timestamp in the authorization token; and the acquiring bank paying the amount indicated in the authorization token.
47. The method for electronic commerce of claim 38, wherein said authorization request message and authorization token includes a hash of an order description instead of the actual order description, the order description itself being available separately at the merchant, the merchant validating that the authorization token refers to the same order description by comparing the hash of the order description in the authorization token against a locally-computed hash of the same order description.
48. The method for electronic commerce of claim 38, wherein said reference to said credit card is a consumer credit or debit account number.
49. The method for electronic commerce of claim 48, wherein the confidentiality of said credit or debit account number is maintained by using a higher-level security protocol, such as encrypted email or SSL, to protect the communications among the consumer and the issuer gateway, the consumer and the merchant, the issuer gateway and the merchant, and, if applicable, the merchant and the acquirer.
50. A method for electronic commerce, comprising:
forming a four party payment protocol for electronic sales, the four party payment protocol including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquirer bank computer;
sending from the merchant's computer, over an internet network to the consumer's computer, a merchant message including a wallet initiation message, and a digital certificate of a merchant provided by an acquiring bank, said wallet initiation message including a payment amount, an order description, a merchant identifier and a timestamp;
starting a consumer's wallet program in said consumer's computer in response to said wallet initiation message;
sending from said consumer's computer consumer identity and authentication information and said merchant message, to the issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
verifying at said issuer gateway that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description; and
sending a capture request message including the reference number representing the consumer's card number over the internet from the merchant to an acquirer gateway operating on behalf of an acquirer bank to capture the transaction and disburse payment to the merchant.
51. The method of claim 50 further comprising:
providing the merchant's digital signature and matching certificate to the consumer's computer.
52. The method of claim 50 further comprising
the issuer gateway signing the authorization token.
53. A method for electronic commerce, comprising:
means for forming a four party payment protocol for electronic sales, the four party payment protocol including a consumer's computer coupled to a merchant's computer and to an issuing bank computer via an issuer gateway, the merchant computer being further coupled to an acquiring bank computer;
the merchant's computer sending over an internet network to the consumer's computer, a merchant message including a wallet initiation message, and a digital certificate of a merchant provided by an acquiring bank, said wallet initiation message including a payment amount, an order description, a merchant identifier and a timestamp;
a consumer's wallet program in said consumer's computer responsive to said wallet initiation message, for sending from said consumer's computer consumer identity and authentication information and said merchant message, to the issuer gateway for an issuing bank;
the issuing bank creating a reference number or value representing the consumer's credit or debit card number by preparing a table of credit card or debit card numbers and a corresponding table of reference numbers, the issuing bank pairing the consumer's card number with a selected reference number and outputting the reference number to the issuer gateway;
the issuer gateway verifying that the merchant and issuer share a common financial arrangement;
said issuer gateway verifying the consumer's account and ensuring that funds and/or credit are available to support the payment amount, then authorizing payment by sending over said internet network an authorization token, an issuer's digital certificate, said wallet initiation message, and a reference to said consumer's credit or debit card number;
said authorization token including the payment amount, order description, timestamp, a random nonce plus a merchant identifier and a reference to the consumer's credit or debit card number;
said merchant's computer receiving said authorization token and fulfilling said order description; and
settling apparatus which settles accounts with the issuing bank by the acquiring bank over a private network by sending a settlement message that includes the reference number to the consumer's card number.
54. The system of claim 53 further comprising:
means for providing the merchant's digital signature and matching certificate to the consumer's computer; and
means for issuing gateway to sign the authorization token.
55. A method of operating a four party payment protocol in accordance with a gateway associated with an issuing bank, the method comprising the steps of:
receiving at the gateway, from a computer of a consumer, information associated with the consumer computer and a merchant message from a computer of a merchant with which the consumer is engaging in a transaction, the merchant message comprising a wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp;
receiving at the gateway, from the issuing bank, a reference number, the reference number having been created by the issuing bank and representing a credit card number or a debit card number of the consumer, the issuing bank maintaining a table of credit card numbers or debit card numbers and corresponding reference numbers wherein the consumer's card number is paired with the reference number;
verifying at the gateway an account of the consumer and ensuring that at least one of funds and credit support the payment; and
authorizing payment by sending an authorization token, the authorization token comprising the payment amount, the order description, the merchant identifier, the timestamp, and the reference number, wherein the merchant's computer receives the authorization token, initiates fulfillment of the order description, and sends a capture request message comprising the reference number, to an acquirer bank;
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit card number and applies the payment amount to a balance in the account of the consumer.
56. The method of claim 55, wherein the gateway associated with the issuing bank sends the authorization token to the merchant computer via the consumer computer.
57. The method of claim 55, wherein the gateway associated with the issuing bank sends the authorization token directly to the merchant computer.
58. The method of claim 55, further comprising the step of the gateway associated with the issuing bank signing the authorization token.
59. A method of operating a four party payment protocol in accordance with a computer of a merchant, the method comprising the steps of:
sending a message from the merchant computer to a computer of a consumer with which the merchant computer is engaging in a transaction, the merchant message comprising a wallet initiation message, the wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp, wherein the merchant message is sent to a gateway associated with an issuing bank, via the consumer computer, along with information associated with the consumer computer;
receiving at the merchant computer an authorization token sent by the gateway after the gateway has verified an account of the consumer and ensured that at least one of funds and credit support the payment amount, the authorization token comprising the payment amount, the order description, the merchant identifier, the timestamp, and a reference number, the reference number having been created by the issuing bank and representing a credit card number or a debit card number and corresponding reference numbers wherein consumer's card number is paired with the reference number;
initiating fulfillment of the order description at the merchant computer; and
sending from the merchant computer to an acquirer bank, a capture request message comprising the reference number,
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit card number and applies the payment amount to a balance in the account of the consumer.
60. The method for electronic commerce of claim 1, wherein said wallet initiation message includes a nonce.
61. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a userid and a password.
62. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is an ATM debit card number and PIN.
63. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a smart card's account number and a symmetric Message Authentication Code (MAC).
64. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a smart card's account number and a symmetric digital signature.
65. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a consumer's digital signature and digital certificate.
66. The method for electronic commerce of claim 1, wherein said authorization token includes a dummy card number for use in routing payment to an appropriate one of a plurality of issuing banks;
said dummy card number being shared among all cardholders of a particular issuing bank.
67. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a consumer's digital certificate and matching asymmetric digital signature.
68. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a user account number and a symmetric MAC or asymmetric digital signature.
69. The method for electronic commerce of claim 1, wherein said consumer identity and authentication information is a user account number and an asymmetric digital signature.
70. The method for electronic commerce of claim 1, wherein said consumer identity information is a consumer's biometric signal.
71. The method for electronic commerce of claim 1, which further comprises:
a digital certificate hierarchy that covers issuing banks, acquiring banks, and merchants.
72. The method for electronic commerce of claim 71, wherein said certificate hierarchy is used with public-key digital signatures to identify said merchant and said issuing bank.
73. The method for electronic commerce of claim 72, wherein said certificates represent common financial agreements and obligations among said merchant and said issuing bank.
74. The method for electronic commerce of claim 73, wherein the issuing bank certificates identify and help authenticate issuing banks to merchants, providing a basis for the merchants to trust the authorization tokens provided by the issuing banks.
75. The method for electronic commerce of claim 74, wherein an acquiring bank certificate and a merchant certificate identify and help authenticate said acquiring bank and said merchant to issuing banks;
said merchant certificate identifying the merchant to the consumer and verifying that the merchant is a valid participant of a payment scheme, before the issuing bank provides said authorization token.
76. A method of providing at least a part of a four party payment service, the part of the service being provided in accordance with a gateway associated with an issuing bank, the method comprising the steps of:
receiving at the gateway, from a computer of a consumer, information associated with the consumer computer and a merchant message from a computer of a merchant with which the consumer is engaging in a transaction, the merchant message comprising a wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp;
receiving at the gateway, from the issuing bank, a reference number, the reference number having been created by the issuing bank and representing a credit card number or a debit card number of the consumer, the issuing bank maintaining a table of credit card numbers or debit card numbers and corresponding reference numbers wherein the consumer's card number is paired with the reference number;
verifying at the gateway an account of the consumer and ensuring that at least one of funds and credit support the payment amount; and
authorizing payment by sending an authorization token, the authorization token comprising the payment amount, the order description, the merchant identifier, the timestamp, and the reference number, wherein the merchant's computer receives the authorization token initiates fulfillment of the order description, and sends a capture request message comprising the reference number, to an acqirer bank;
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit care number and applies the payment amount to a balance in the account of the consumer.
77. The method of claim 76, wherein the gateway associated with the issuing bank sends the authorization token to the merchant computer via the consumer computer.
78. The method of claim 76, wherein the gateway associated with the issuing bank sends the authorization token directly to the merchant computer.
79. The method of claim 76, further comprising the step of the gateway associated with the issuing bank signing the authorization token.
80. A method of providing at least a part of a four party payment service, the part of the service being provided in accordance with a computer of a merchant, the method comprising the steps of:
sending a message from the merchant computer to a computer of a consumer with which the merchant computer is engaging in a transaction, the merchant message comprising a wallet initiation message, the wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp, wherein the merchant message is sent to a gateway associated with an issuing bank, via the consumer computer, along with information associated with the consumer computer;
receiving at the merchant computer an authorization token sent by the gateway after the gateway has verified an account of the consumer and ensured that at least one of funds and credit support the payment amount, the authorization token comprising the payment ampunt, the order description, the merchant identifier, the timestamp, and a reference number, the reference number having been created by the issuing bank and representing a credit card number or a debit card number and corresponding reference numbers wherein the consumer's card number is paired with the reference number;
initiating fulfillment of the order description at the merchant computer; and
sending from the merchant computer to an acquirer bank, a capture request message comprising the reference number,
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit card number and applies the payment amount to a balance in the account of the consumer.
81. A method of operating a four party payment protocol in accordance with a gateway associated with an issuing bank, the method comprising the steps of:
receiving at the gateway, from a computer of a consumer, information associated with the consumer computer and a merchant message from a computer of a merchant with which the consumer is engaging in a transaction, the merchant message comprising a wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp;
receiving at the gateway, from the issuing bank, a reference number, the reference number having been created by the issuing bank representing a credit card number or a debit card number of the consumer, the issuing bank maintaining a mapping of credit card numbers or debit card numbers and corresponding reference numbers wherein the consumer's card number is paired with the reference number;
verifying at the gateway an account of the consumer and ensuring that at least one of funds and credit support the payment amount; and
authorizing payment by sending an authorization token, the authorization token comprising the payment amount, the order description, the merchant identifier, the timestamp, and the reference number, wherein the merchant's computer receives the authorization token initiates fulfillment of the order description, and sends a capture request message comprising the reference number, to an acquirer bank;
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit card number and applies the payment amount to a balance in the account of the consumer.
82. The method of claim 81, wherein the gateway associated with the issuing bank sends the authorization token to the merchant computer via the consumer computer.
83. The method of claim 81, wherein the gateway associated with the issuing bank sends the authorization token directly to the merchant computer.
84. The method of claim 81, further comprising the step of the gateway associated with the issuing bank signing the authorization token.
85. A method of operating a four party payment protocol in accordance with a computer of a merchant, the method comprising the steps of:
sending a message from the merchant computer to a computer of a consumer with which the merchant computer is engaging in a transaction, the merchant message comprising a wallet initiation message, the wallet initiation message comprising a payment amount, an order description, a merchant identifier and a timestamp, wherein the merchant message is sent to a gateway associated with an issuing bank, via the consumer computer, along with information associated with the consumer computer;
receiving at the merchant computer an authorization token sent by the gateway after the gateway has verified an account of the consumer and ensured that at least one of funds and credit support the payment amount, the authorization token comprising the payment ampunt, the order description, the merchant identifier, the timestamp, and a reference number, the reference number having been created by the issuing bank and representing a credit card number or a debit card number and corresponding reference numbers wherein the consumer's card number is paired with the reference number;
initiating fulfillment of the order description at the merchant computer; and
sending from the merchant computer to an acquirer bank, a capture request message comprising the reference number,
wherein the acquirer bank captures the transaction and disburses payment to the merchant; and further
wherein the issuing bank, in response to a message from the acquirer bank, converts the reference number into the consumer's credit or debit card number and applies the payment amount to a balance in the account of the consumer.
US10622058 1998-12-29 2003-07-17 Four-party credit/debit payment protocol Active - Reinstated USRE40444E1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US09221869 US6327578B1 (en) 1998-12-29 1998-12-29 Four-party credit/debit payment protocol
US10622058 USRE40444E1 (en) 1998-12-29 2003-07-17 Four-party credit/debit payment protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10622058 USRE40444E1 (en) 1998-12-29 2003-07-17 Four-party credit/debit payment protocol

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09221869 Reissue US6327578B1 (en) 1998-12-29 1998-12-29 Four-party credit/debit payment protocol

Publications (1)

Publication Number Publication Date
USRE40444E1 true USRE40444E1 (en) 2008-07-29

Family

ID=22829750

Family Applications (2)

Application Number Title Priority Date Filing Date
US09221869 Active US6327578B1 (en) 1998-12-29 1998-12-29 Four-party credit/debit payment protocol
US10622058 Active - Reinstated USRE40444E1 (en) 1998-12-29 2003-07-17 Four-party credit/debit payment protocol

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09221869 Active US6327578B1 (en) 1998-12-29 1998-12-29 Four-party credit/debit payment protocol

Country Status (4)

Country Link
US (2) US6327578B1 (en)
EP (1) EP1017030A3 (en)
JP (1) JP2000194770A (en)
KR (1) KR100349779B1 (en)

Cited By (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040111379A1 (en) * 1999-02-12 2004-06-10 Mack Hicks System and method for providing certification-related and other services
US20060149671A1 (en) * 2004-06-25 2006-07-06 Robert Nix Payment processing method and system
US20070067634A1 (en) * 2005-08-31 2007-03-22 Siegler Thomas A System and method for restricting access to a terminal
US20080167888A1 (en) * 2007-01-09 2008-07-10 I4 Commerce Inc. Method and system for identification verification between at least a pair of entities
US20080313047A1 (en) * 2007-06-18 2008-12-18 Bling Nation, Ltd. Payment clearing network for electronic financial transactions and related personal financial transaction device
US20090177587A1 (en) * 2006-02-06 2009-07-09 Yt Acquisition Corporation Method and system for providing online authentication utilizing biometric data
US20100299195A1 (en) * 2006-04-24 2010-11-25 Robert Nix Systems and methods for implementing financial transactions
US20110161233A1 (en) * 2009-12-30 2011-06-30 First Data Corporation Secure transaction management
US20110208961A1 (en) * 2004-04-12 2011-08-25 Bushman M Benjamin Secure messaging system
US20120209778A1 (en) * 2011-02-13 2012-08-16 Openwave Systems Inc. Mediation system and method for restricted access item distribution
US20120284196A1 (en) * 2009-10-07 2012-11-08 Andras Vilmos Method for initiating and performing a cnp business transaction, software for the same and a communication device comprising such software
US20130018793A1 (en) * 2011-07-15 2013-01-17 Shoon Ping Wong Methods and systems for payments assurance
US20130191290A1 (en) * 2010-01-19 2013-07-25 Glencurr Pty Ltd Method, device and system for securing payment data for transmission over open communication networks
US8694438B1 (en) * 2013-03-12 2014-04-08 Scvngr Distributed authenticity verification for consumer payment transactions
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
US20140289110A1 (en) * 1999-04-30 2014-09-25 Max R. Levchin Using tokens in digital wallet transactions
US20150026070A1 (en) * 2013-07-16 2015-01-22 Mastercard International Incorporated Systems and methods for correlating cardholder identity attributes on a payment card network to determine payment card fraud
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
US20160134622A1 (en) * 2012-11-13 2016-05-12 Alcatel Lucent Restricted Certificate Enrollment For Unknown Devices In Hotspot Networks
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9530289B2 (en) 2013-07-11 2016-12-27 Scvngr, Inc. Payment processing with automatic no-touch mode selection
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US9792593B2 (en) 2011-11-23 2017-10-17 The Toronto-Dominion Bank System and method for processing an online transaction request
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US10057061B1 (en) * 2016-09-13 2018-08-21 Wells Fargo Bank, N.A. Secure digital communications
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request

Families Citing this family (473)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6950810B2 (en) * 1994-11-28 2005-09-27 Indivos Corporation Tokenless biometric electronic financial transactions via a third party identicator
US7882032B1 (en) 1994-11-28 2011-02-01 Open Invention Network, Llc System and method for tokenless biometric authorization of electronic communications
US20040128249A1 (en) 1994-11-28 2004-07-01 Indivos Corporation, A Delaware Corporation System and method for tokenless biometric electronic scrip
US6269348B1 (en) * 1994-11-28 2001-07-31 Veristar Corporation Tokenless biometric electronic debit and credit transactions
US7613659B1 (en) 1994-11-28 2009-11-03 Yt Acquisition Corporation System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse
US7226494B1 (en) * 1997-04-23 2007-06-05 Neopost Technologies Secure postage payment system and method
US6131811A (en) 1998-05-29 2000-10-17 E-Micro Corporation Wallet consolidator
WO2000034905A1 (en) * 1998-12-04 2000-06-15 Takayuki Doki Service id number settlement system
US7743412B1 (en) * 1999-02-26 2010-06-22 Intel Corporation Computer system identification
GB2367168B (en) * 1999-05-25 2004-02-18 Safepay Australia Pty Ltd System for handling network transactions
US6611817B1 (en) * 1999-06-17 2003-08-26 International Business Machines Corporation Automated technique for code generation of datastream mappings
US7606760B2 (en) * 1999-06-18 2009-10-20 Echarge Corporation Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account
US7249097B2 (en) * 1999-06-18 2007-07-24 Echarge Corporation Method for ordering goods, services, and content over an internetwork using a virtual payment account
US6554183B1 (en) * 1999-06-30 2003-04-29 Ge Capital Fleet Services Automated systems and methods for authorization and settlement of fleet maintenance and repair transactions
US7263505B1 (en) * 1999-06-30 2007-08-28 Kyklos Entertainment S.R.L. Method and apparatus for generating a sale offer over an electronic network system
US7058817B1 (en) 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
EP1077436A3 (en) * 1999-08-19 2005-06-22 Citicorp Development Center, Inc. System and method for performing an on-line transaction using a single-use payment instrument
US6999944B1 (en) * 1999-08-19 2006-02-14 Sprint Communications Company L.P. Method and apparatus for authorizing and billing communications services using a bank card financial network
US7505941B2 (en) * 1999-08-31 2009-03-17 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions using biometrics
US7953671B2 (en) * 1999-08-31 2011-05-31 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
US7343351B1 (en) * 1999-08-31 2008-03-11 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
US7249093B1 (en) * 1999-09-07 2007-07-24 Rysix Holdings, Llc Method of and system for making purchases over a computer network
US6764014B2 (en) * 1999-09-07 2004-07-20 American Express Travel Related Services Company, Inc. Transaction card
US7837116B2 (en) 1999-09-07 2010-11-23 American Express Travel Related Services Company, Inc. Transaction card
US7386516B2 (en) * 1999-09-10 2008-06-10 Metavante Corporation System and method for providing secure services over public and private networks using a removable portable computer-readable storage
US20020029200A1 (en) 1999-09-10 2002-03-07 Charles Dulin System and method for providing certificate validation and other services
EP1242938A1 (en) * 1999-09-10 2002-09-25 Jackson Brandenburg System and method for facilitating access by sellers to certificate-related and other services
US7319986B2 (en) * 1999-09-28 2008-01-15 Bank Of America Corporation Dynamic payment cards and related management systems and associated methods
US6853987B1 (en) * 1999-10-27 2005-02-08 Zixit Corporation Centralized authorization and fraud-prevention system for network-based transactions
US8103584B2 (en) * 1999-11-05 2012-01-24 American Express Travel Related Services Company, Inc. Systems and methods for authorizing an allocation of an amount between transaction accounts
US8646685B2 (en) * 1999-11-05 2014-02-11 Lead Core Fund, L.L.C. Device for allocating a payment authorization request to a payment processor
US20090048887A1 (en) * 1999-11-05 2009-02-19 American Express Travel Related Services Company, Inc. Systems and Methods for Facilitating Transactions Involving an Intermediary
US20090265250A1 (en) * 1999-11-05 2009-10-22 American Express Travel Related Services Company, Inc. Systems and methods for processing a transaction according to an allowance
US8195565B2 (en) * 1999-11-05 2012-06-05 Lead Core Fund, L.L.C. Systems and methods for point of interaction based policy routing of transactions
US20090164325A1 (en) * 1999-11-05 2009-06-25 American Express Travel Related Services Company, Inc. Systems and Methods for Locating an Automated Clearing House Utilizing a Point of Sale Device
US8234212B2 (en) * 1999-11-05 2012-07-31 Lead Core Fund, L.L.C. Systems and methods for facilitating transactions with interest
US8875990B2 (en) * 1999-11-05 2014-11-04 Lead Core Fund, L.L.C. Systems and methods for allocating a payment authorization request to a payment processor
US20090265249A1 (en) * 1999-11-05 2009-10-22 American Express Travel Related Services Company, Inc. Systems and methods for split tender transaction processing
US8073772B2 (en) * 1999-11-05 2011-12-06 American Express Travel Related Services Company, Inc. Systems and methods for processing transactions using multiple budgets
US7979349B2 (en) * 1999-11-05 2011-07-12 American Express Travel Related Services Company, Inc. Systems and methods for adjusting crediting limits to facilitate transactions
US20090048885A1 (en) * 1999-11-05 2009-02-19 American Express Travel Related Services Company, Inc. Systems and Methods for Facilitating Cost-Splitting Transactions
US20090164329A1 (en) * 1999-11-05 2009-06-25 American Express Travel Related Services Company, Inc. Systems for Processing a Payment Authorization Request Utilizing a Network of Point of Sale Devices
US20090265241A1 (en) * 1999-11-05 2009-10-22 American Express Travel Related Services Company, Inc. Systems and methods for determining a rewards account to fund a transaction
US8596527B2 (en) * 1999-11-05 2013-12-03 Lead Core Fund, L.L.C. Methods for locating a payment system utilizing a point of sale device
US20090164331A1 (en) * 1999-11-05 2009-06-25 American Express Travel Related Services Company, Inc. Systems for Locating a Payment System Utilizing a Point of Sale Device
US8180706B2 (en) * 1999-11-05 2012-05-15 Lead Core Fund, L.L.C. Systems and methods for maximizing a rewards accumulation strategy during transaction processing
US8851369B2 (en) * 1999-11-05 2014-10-07 Lead Core Fund, L.L.C. Systems and methods for transaction processing using a smartcard
US8190514B2 (en) * 1999-11-05 2012-05-29 Lead Core Fund, L.L.C. Systems and methods for transaction processing based upon an overdraft scenario
US8103585B2 (en) * 1999-11-05 2012-01-24 American Express Travel Related Services Company, Inc. Systems and methods for suggesting an allocation
US8794509B2 (en) * 1999-11-05 2014-08-05 Lead Core Fund, L.L.C. Systems and methods for processing a payment authorization request over disparate payment networks
US8814039B2 (en) * 1999-11-05 2014-08-26 Lead Core Fund, L.L.C. Methods for processing a payment authorization request utilizing a network of point of sale devices
US20090048886A1 (en) * 1999-11-05 2009-02-19 American Express Travel Related Services Company, Inc. Systems and Methods for Facilitating Gifting Transactions
US20090164328A1 (en) * 1999-11-05 2009-06-25 American Express Travel Related Services Company, Inc. Systems and Methods for Locating a Payment System and Determining a Taxing Authority Utilizing a Point of Sale Device
US7996307B2 (en) * 1999-11-05 2011-08-09 American Express Travel Related Services Company, Inc. Systems and methods for facilitating transactions between different financial accounts
US8275704B2 (en) * 1999-11-05 2012-09-25 Lead Core Fund, L.L.C. Systems and methods for authorizing an allocation of an amount between transaction accounts
US8820633B2 (en) * 1999-11-05 2014-09-02 Lead Core Fund, L.L.C. Methods for a third party biller to receive an allocated payment authorization request
US8458086B2 (en) * 1999-11-05 2013-06-04 Lead Core Fund, L.L.C. Allocating partial payment of a transaction amount using an allocation rule
US6789068B1 (en) * 1999-11-08 2004-09-07 At&T Corp. System and method for microbilling using a trust management system
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet
US7966259B1 (en) 1999-12-09 2011-06-21 Amazon.Com, Inc. System and methods for facilitating transactions on, and personalizing web pages of, third party web sites
US7467099B2 (en) * 2000-01-13 2008-12-16 Access Co., Ltd. Information home electric appliance
US6763459B1 (en) 2000-01-14 2004-07-13 Hewlett-Packard Company, L.P. Lightweight public key infrastructure employing disposable certificates
US7010683B2 (en) * 2000-01-14 2006-03-07 Howlett-Packard Development Company, L.P. Public key validation service
US6802002B1 (en) * 2000-01-14 2004-10-05 Hewlett-Packard Development Company, L.P. Method and apparatus for providing field confidentiality in digital certificates
US7269726B1 (en) 2000-01-14 2007-09-11 Hewlett-Packard Development Company, L.P. Lightweight public key infrastructure employing unsigned certificates
US7340600B1 (en) 2000-01-14 2008-03-04 Hewlett-Packard Development Company, L.P. Authorization infrastructure based on public key cryptography
JP2001202422A (en) * 2000-01-17 2001-07-27 Sony Computer Entertainment Inc Method and system for transaction processing
US7020778B1 (en) * 2000-01-21 2006-03-28 Sonera Smarttrust Oy Method for issuing an electronic identity
US6847953B2 (en) 2000-02-04 2005-01-25 Kuo James Shaw-Han Process and method for secure online transactions with calculated risk and against fraud
US20010032878A1 (en) * 2000-02-09 2001-10-25 Tsiounis Yiannis S. Method and system for making anonymous electronic payments on the world wide web
US6867789B1 (en) 2000-02-15 2005-03-15 Bank One, Delaware, National Association System and method for generating graphical user interfaces
US20060206403A1 (en) * 2000-02-29 2006-09-14 Geoffrey H. Gill System for anonymously purchasing goods and services over the Internet
WO2001078024A3 (en) * 2000-04-11 2002-02-28 Mastercard International Inc An improved method and system for conducting secure payments over a computer network
CA2382696A1 (en) * 2000-06-21 2001-12-27 Edward J. Hogan An improved method and system for conducting secure payments over a computer network
EP1269429A2 (en) * 2000-03-15 2003-01-02 Mastercard International, Inc. Method and system for secure payments over a computer network
US7249113B1 (en) * 2000-03-29 2007-07-24 American Express Travel Related Services Company, Inc. System and method for facilitating the handling of a dispute
US20050178824A1 (en) * 2000-03-29 2005-08-18 American Express Travel Related Services Company, Inc. On-line merchant services system and method for facilitating resolution of post transaction disputes
US20040128257A1 (en) * 2001-03-28 2004-07-01 Okamoto Steve Atsushi Method and apparatus for administering one or more value bearing instruments
US7379919B2 (en) 2000-04-11 2008-05-27 Mastercard International Incorporated Method and system for conducting secure payments over a computer network
US20020023054A1 (en) * 2000-04-13 2002-02-21 Gillespie Kenneth E. Method and system for protecting credit card transactions
US7778934B2 (en) * 2000-04-17 2010-08-17 Verisign, Inc. Authenticated payment
US6618705B1 (en) * 2000-04-19 2003-09-09 Tiejun (Ronald) Wang Method and system for conducting business in a transnational e-commerce network
KR101015341B1 (en) * 2000-04-24 2011-02-16 비자 인터내셔날 써비스 어쏘시에이션 Online payment authentication services
US7472092B2 (en) * 2000-05-08 2008-12-30 Patricia Phelan Money order device with identity verification and method
US7280984B2 (en) * 2000-05-08 2007-10-09 Phelan Iii Frank Money card system, method and apparatus
GB2368422B (en) * 2000-05-10 2003-03-26 Sony Corp Electronic settlement system, settlement management device, store device, client, data storage device, computer program, and storage medium
US6805288B2 (en) 2000-05-15 2004-10-19 Larry Routhenstein Method for generating customer secure card numbers subject to use restrictions by an electronic card
WO2001088782A1 (en) * 2000-05-19 2001-11-22 E-Mark Systems Inc. Electronic settlement system, settlement device and terminal
US7725427B2 (en) 2001-05-25 2010-05-25 Fred Bishop Recurrent billing maintenance with radio frequency payment devices
US7225169B1 (en) * 2000-05-26 2007-05-29 International Business Machines Corporation Method and system for commerce with full anonymity
US6910023B1 (en) * 2000-05-26 2005-06-21 Eitan Schibi Method of conducting secure transactions containing confidential, financial, payment, credit, or other information over a network
US9165323B1 (en) 2000-05-31 2015-10-20 Open Innovation Network, LLC Biometric transaction system and method
US7426530B1 (en) 2000-06-12 2008-09-16 Jpmorgan Chase Bank, N.A. System and method for providing customers with seamless entry to a remote server
US8046288B1 (en) * 2000-06-13 2011-10-25 Paymentech, Llc System and method for payment data processing
JP2004528610A (en) * 2000-06-30 2004-09-16 シングハル、タラ、チャンド A method and apparatus for payment card system
US7890433B2 (en) 2000-06-30 2011-02-15 Tara Chand Singhal Private and secure payment system
EP1299866A2 (en) * 2000-07-10 2003-04-09 Mastercard International, Inc. Method and system for conducting secure electronic commerce transactions with authorization request data loop-back
US7177849B2 (en) * 2000-07-13 2007-02-13 International Business Machines Corporation Method for validating an electronic payment by a credit/debit card
JPWO2002008981A1 (en) * 2000-07-25 2004-01-08 株式会社イマージュメディアデザイン Commerce method and a network terminal, as well as commerce system
US7246377B2 (en) * 2000-08-02 2007-07-17 Fujitsu Limited Method and apparatus for mediation of security information, and a computer product
US7257581B1 (en) 2000-08-04 2007-08-14 Guardian Networks, Llc Storage, management and distribution of consumer information
US9928508B2 (en) 2000-08-04 2018-03-27 Intellectual Ventures I Llc Single sign-on for access to a central data repository
US20020052843A1 (en) * 2000-08-04 2002-05-02 Canon Eduardo Gomez Smart card for and method of executing transactions
US8566248B1 (en) * 2000-08-04 2013-10-22 Grdn. Net Solutions, Llc Initiation of an information transaction over a network via a wireless device
US7343335B1 (en) * 2000-08-08 2008-03-11 Ebay Inc. Method for managing group finances via an electronic network
JP2002063520A (en) * 2000-08-22 2002-02-28 Oki Electric Ind Co Ltd Server and method for relaying and payment system
US6938019B1 (en) * 2000-08-29 2005-08-30 Uzo Chijioke Chukwuemeka Method and apparatus for making secure electronic payments
US20020032662A1 (en) * 2000-08-30 2002-03-14 Maclin Roland Martin System and method for servicing secure credit/debit card transactions
EP1377943A2 (en) * 2000-08-31 2004-01-07 ATM Direct Inc. System and method for online atm transaction with digital certificate
EP1325599A1 (en) * 2000-09-08 2003-07-09 Paul Donfried System and method for providing authorization and other services
WO2002021408A1 (en) * 2000-09-08 2002-03-14 Tallent Guy S System and method for transparently providing certificate validation and other services within an electronic transaction
CA2329895A1 (en) * 2000-09-19 2002-03-19 Soft Tracks Enterprises Ltd. Merchant wallet server
US8335855B2 (en) 2001-09-19 2012-12-18 Jpmorgan Chase Bank, N.A. System and method for portal infrastructure tracking
US6915279B2 (en) 2001-03-09 2005-07-05 Mastercard International Incorporated System and method for conducting secure payment transactions
US20020042839A1 (en) * 2000-10-10 2002-04-11 Christopher Peiffer HTTP multiplexor/demultiplexor
US6789193B1 (en) * 2000-10-27 2004-09-07 Pitney Bowes Inc. Method and system for authenticating a network user
JP2002157632A (en) * 2000-11-22 2002-05-31 Fujitsu Ltd Network shopping method and system and automatic transfer machine
JP2002169784A (en) * 2000-11-30 2002-06-14 Sony Corp Information processor, information processing method and program storage medium
US7254560B2 (en) * 2000-12-09 2007-08-07 Singhal Tara C Method and apparatus for an integrated identity security and payment system
US7548888B2 (en) * 2000-12-22 2009-06-16 Schutz Jared P Digital computer system and methods for implementing a financial transaction
US8396810B1 (en) * 2000-12-29 2013-03-12 Zixit Corporation Centralized authorization and fraud-prevention system including virtual wallet for network-based transactions
CA2962648A1 (en) * 2005-10-06 2007-04-19 Mastercard Mobile Transactions Solutions, Inc. Three-dimensional transaction authentication
US20030233317A1 (en) * 2001-01-30 2003-12-18 Nyce Corporation Methods and systems for transferring funds
FR2821225B1 (en) * 2001-02-20 2005-02-04 Mobileway Electronic Payment System Remote
WO2002067160A1 (en) * 2001-02-21 2002-08-29 Yozan Inc. Control transfer system
US20140143142A1 (en) * 2001-02-26 2014-05-22 Albert I. Talker Electronic Currency System
US20020123935A1 (en) * 2001-03-02 2002-09-05 Nader Asghari-Kamrani Secure commerce system and method
WO2003065164A3 (en) * 2002-01-30 2004-04-08 Arthur D Kranzley System and method for conducting secure payment transaction
DE10112166A1 (en) * 2001-03-12 2002-09-26 Jan Wendenburg A method for transaction evidencing
US20020133468A1 (en) * 2001-03-13 2002-09-19 I - Nvite Communications Inc. Method of electronic commerce transaction verification
US7292999B2 (en) * 2001-03-15 2007-11-06 American Express Travel Related Services Company, Inc. Online card present transaction
US20040139028A1 (en) * 2001-03-23 2004-07-15 Fishman Jayme Matthew System, process and article for conducting authenticated transactions
US20020138769A1 (en) * 2001-03-23 2002-09-26 Fishman Jayme Matthew System and process for conducting authenticated transactions online
US7328350B2 (en) * 2001-03-29 2008-02-05 Arcot Systems, Inc. Method and apparatus for secure cryptographic key generation, certification and use
US20020144122A1 (en) * 2001-04-03 2002-10-03 S.W.I.F.T. System and method for facilitating trusted transactions between businesses
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US7167985B2 (en) * 2001-04-30 2007-01-23 Identrus, Llc System and method for providing trusted browser verification
US7941368B2 (en) * 2001-05-08 2011-05-10 Advent IP LLC System and method for electronic transaction settlement
CN100343847C (en) * 2001-06-19 2007-10-17 富士施乐株式会社 Electronic document format control apparatus and method
US20030236743A1 (en) * 2002-06-25 2003-12-25 Min Moon Ki Electronic cash sharing system and method thereof
US20090008441A1 (en) * 2001-07-10 2009-01-08 Xatra Fund Mx, Llc Tracking rf transaction activity using a transaction device identifier
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US20040236699A1 (en) 2001-07-10 2004-11-25 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
USRE45416E1 (en) 2001-07-10 2015-03-17 Xatra Fund Mx, Llc Processing an RF transaction using a routing number
US7705732B2 (en) 2001-07-10 2010-04-27 Fred Bishop Authenticating an RF transaction using a transaction counter
US7889052B2 (en) 2001-07-10 2011-02-15 Xatra Fund Mx, Llc Authorizing payment subsequent to RF transactions
US7360689B2 (en) 2001-07-10 2008-04-22 American Express Travel Related Services Company, Inc. Method and system for proffering multiple biometrics for use with a FOB
US7735725B1 (en) 2001-07-10 2010-06-15 Fred Bishop Processing an RF transaction using a routing number
US8294552B2 (en) 2001-07-10 2012-10-23 Xatra Fund Mx, Llc Facial scan biometrics on a payment device
US7668750B2 (en) 2001-07-10 2010-02-23 David S Bonalle Securing RF transactions using a transactions counter
US7996324B2 (en) 2001-07-10 2011-08-09 American Express Travel Related Services Company, Inc. Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia
US9024719B1 (en) 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US8284025B2 (en) 2001-07-10 2012-10-09 Xatra Fund Mx, Llc Method and system for auditory recognition biometrics on a FOB
US9031880B2 (en) * 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US8548927B2 (en) 2001-07-10 2013-10-01 Xatra Fund Mx, Llc Biometric registration for facilitating an RF transaction
US7303120B2 (en) 2001-07-10 2007-12-04 American Express Travel Related Services Company, Inc. System for biometric security using a FOB
US7225156B2 (en) * 2001-07-11 2007-05-29 Fisher Douglas C Persistent dynamic payment service
US7266839B2 (en) 2001-07-12 2007-09-04 J P Morgan Chase Bank System and method for providing discriminated content to network users
FR2827448B1 (en) * 2001-07-12 2003-12-19 Gemplus Card Int Method providing a guarantee of payment for e-commerce in particular by mobile phone and implementation system
US6990471B1 (en) * 2001-08-02 2006-01-24 Oracle International Corp. Method and apparatus for secure electronic commerce
US20030041022A1 (en) * 2001-08-21 2003-02-27 Battle Tatia L. Electronic money instrument
US8737955B2 (en) * 2001-08-21 2014-05-27 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US8737958B2 (en) * 2001-08-21 2014-05-27 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US8737959B2 (en) * 2001-08-21 2014-05-27 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US9501775B2 (en) 2009-03-10 2016-11-22 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US8737954B2 (en) * 2001-08-21 2014-05-27 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
US9418361B2 (en) 2001-08-21 2016-08-16 Bookit Oy Ajanvarauspalvelu Managing recurring payments from mobile terminals
CA2460886A1 (en) * 2001-09-21 2003-04-03 Bank One, Delaware, National Association Method for providing cardless payment
US7103576B2 (en) * 2001-09-21 2006-09-05 First Usa Bank, Na System for providing cardless payment
US20030070078A1 (en) * 2001-10-08 2003-04-10 Nosrati David F. Method and apparatus for adding security to online transactions using ordinary credit cards
DE10151213B4 (en) * 2001-10-15 2006-03-16 Siemens Ag A method for authorizing payments in a communication network
US7383232B2 (en) * 2001-10-24 2008-06-03 Capital Confirmation, Inc. Systems, methods and computer program products facilitating automated confirmations and third-party verifications
US7831488B2 (en) * 2001-10-24 2010-11-09 Capital Confirmation, Inc. Systems, methods and computer readable medium providing automated third-party confirmations
CA2919269A1 (en) 2001-11-01 2003-05-08 Jpmorgan Chase Bank, N.A. System and method for establishing or modifying an account with user selectable terms
JP2003141432A (en) * 2001-11-02 2003-05-16 Sony Corp Electronic commerce system, server and method
WO2003050648A3 (en) * 2001-11-12 2004-07-08 Worldcom Inc System and method for implementing frictionless micropayments for consumable services
US20030093371A1 (en) * 2001-11-13 2003-05-15 Linda Wilson Systems and methods for making disbursements of real estate settlement funds
JP2003162679A (en) * 2001-11-27 2003-06-06 Hitachi Ltd Electronic settlement system, information processing system, electronic settlement method and electronic settlement program
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7805376B2 (en) * 2002-06-14 2010-09-28 American Express Travel Related Services Company, Inc. Methods and apparatus for facilitating a transaction
US6901387B2 (en) * 2001-12-07 2005-05-31 General Electric Capital Financial Electronic purchasing method and apparatus for performing the same
US7577585B2 (en) * 2001-12-07 2009-08-18 American Express Travel Related Services Company, Inc. Method and system for completing transactions involving partial shipments
US8001052B2 (en) 2001-12-10 2011-08-16 Dunkeld Bryan C System and method for unique digital asset identification and transaction management
US7865446B2 (en) * 2001-12-11 2011-01-04 International Businesss Machines Corporation Method for secure electronic commercial transaction on-line processing
JP4082028B2 (en) * 2001-12-28 2008-04-30 ソニー株式会社 The information processing apparatus, information processing method, and program
CN100385897C (en) * 2001-12-28 2008-04-30 超波株式会社 Equipment forbidden device
CA2394742A1 (en) * 2002-01-17 2003-07-17 Michel Caron Portable device, activated by the fingerprint of the holder, that will provide a unique and different access code each time the holder uses it
US7941533B2 (en) 2002-02-19 2011-05-10 Jpmorgan Chase Bank, N.A. System and method for single sign-on session management without central server
US7213269B2 (en) 2002-02-21 2007-05-01 Adobe Systems Incorporated Application rights enabling
US7110987B2 (en) * 2002-02-22 2006-09-19 At&T Wireless Services, Inc. Secure online purchasing
US7007000B2 (en) * 2002-02-22 2006-02-28 At&T Wireless Services, Inc. Secure online purchasing
US7725404B2 (en) * 2002-02-27 2010-05-25 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
US8909557B2 (en) * 2002-02-28 2014-12-09 Mastercard International Incorporated Authentication arrangement and method for use with financial transaction
GB0204620D0 (en) * 2002-02-28 2002-04-10 Europay Internat N V Chip authentication programme
US20030167231A1 (en) * 2002-03-04 2003-09-04 First Data Corporation Method and system for processing credit card payments
US7899753B1 (en) * 2002-03-25 2011-03-01 Jpmorgan Chase Bank, N.A Systems and methods for time variable financial authentication
US20030212609A1 (en) * 2002-04-03 2003-11-13 Jeffery Blair Method of facilitating a transaction between a buyer and at least one seller
US7707120B2 (en) * 2002-04-17 2010-04-27 Visa International Service Association Mobile account authentication service
US7707121B1 (en) 2002-05-15 2010-04-27 Navio Systems, Inc. Methods and apparatus for title structure and management
US7401224B2 (en) * 2002-05-15 2008-07-15 Qualcomm Incorporated System and method for managing sonic token verifiers
US7707066B2 (en) 2002-05-15 2010-04-27 Navio Systems, Inc. Methods of facilitating merchant transactions using a computerized system including a set of titles
US6805289B2 (en) 2002-05-23 2004-10-19 Eduardo Noriega Prepaid card payment system and method for electronic commerce
US7263347B2 (en) 2002-05-24 2007-08-28 Cingular Wireless Ii, Llc Biometric authentication of a wireless device user
US9400589B1 (en) 2002-05-30 2016-07-26 Consumerinfo.Com, Inc. Circular rotational interface for display of consumer credit information
US9710852B1 (en) 2002-05-30 2017-07-18 Consumerinfo.Com, Inc. Credit report timeline user interface
WO2003104947A3 (en) 2002-06-06 2004-03-04 Dick C Hardt Distributed hierarchical identity management
US7356516B2 (en) 2002-06-13 2008-04-08 Visa U.S.A. Inc. Method and system for facilitating electronic dispute resolution
US7792759B2 (en) * 2002-07-29 2010-09-07 Emv Co. Llc Methods for performing transactions in a wireless environment
US8930270B2 (en) 2002-07-30 2015-01-06 Aol Inc. Smart payment instrument selection
US7603320B1 (en) * 2002-08-31 2009-10-13 Lingyan Shu Method and system for protecting sensitive information and preventing unauthorized use of identity information
US8019691B2 (en) * 2002-09-10 2011-09-13 Visa International Service Association Profile and identity authentication service
US6805287B2 (en) 2002-09-12 2004-10-19 American Express Travel Related Services Company, Inc. System and method for converting a stored value card to a credit card
US20040059686A1 (en) * 2002-09-19 2004-03-25 Levesque Daniel Robert On-line cryptographically based payment authorization method and apparatus
US9443268B1 (en) 2013-08-16 2016-09-13 Consumerinfo.Com, Inc. Bill payment and reporting
US20040064405A1 (en) * 2002-09-30 2004-04-01 First Data Corporation Methods and systems for processing partial payments using debit cards
US7058660B2 (en) 2002-10-02 2006-06-06 Bank One Corporation System and method for network-based project management
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
US7278168B1 (en) 2002-11-27 2007-10-02 Adobe Systems Incorporated Dynamic enabling of functionality in electronic document readers
US8660960B2 (en) 2002-11-27 2014-02-25 Adobe Systems Incorporated Document digest allowing selective changes to a document
US7346587B2 (en) * 2002-12-06 2008-03-18 Aol Llc Intelligent method of order completion in an e-commerce environment based on availability of stored billing information
US7363000B2 (en) * 2002-12-13 2008-04-22 Agere Systems Inc. Method, system, and computer program product for providing multi-tiered broadcasting services
US8566190B2 (en) * 2003-02-06 2013-10-22 Goldman, Sachs & Co. Method and apparatus for evaluating and monitoring collateralized debt obligations
US20070011104A1 (en) * 2003-03-21 2007-01-11 Ebay Inc. Payment transactions via substantially instant communication system
US7805366B2 (en) * 2003-03-21 2010-09-28 Ebay Inc. Method and system to facilitate payments to satisfy payment obligations resulting from purchase transactions
US20040193553A1 (en) * 2003-03-25 2004-09-30 Lloyd Joseph Alexander Process for securing digital transactions
US20040225751A1 (en) * 2003-04-25 2004-11-11 Urali Prem S. Systems and methods to facilitate e-business transactions through distributed systems
US7344882B2 (en) * 2003-05-12 2008-03-18 Bristol-Myers Squibb Company Polynucleotides encoding variants of the TRP channel family member, LTRPC3
US7895119B2 (en) * 2003-05-13 2011-02-22 Bank Of America Corporation Method and system for pushing credit payments as buyer initiated transactions
US20040230526A1 (en) * 2003-05-13 2004-11-18 Praisner C. Todd Payment control system and associated method for facilitating credit payments in the accounts payable environment
US7735144B2 (en) 2003-05-16 2010-06-08 Adobe Systems Incorporated Document modification detection and prevention
US7908215B2 (en) 2003-06-30 2011-03-15 American Express Travel Related Services Company, Inc. System and method for selection of payment systems from a payment system directory to process a transaction
US8666855B2 (en) * 2003-06-30 2014-03-04 Plati Networking, Llc System and method for a payment system directory
JP4339648B2 (en) * 2003-08-13 2009-10-07 富士通フロンテック株式会社 Electronic payment systems, electronic payment program and the electronic payment system,
US8626642B2 (en) 2003-08-22 2014-01-07 Compucredit Intellectual Property Holdings Corp. Iii System and method for dynamically managing a financial account
US20050055316A1 (en) * 2003-09-04 2005-03-10 Sun Microsystems, Inc. Method and apparatus having multiple identifiers for use in making transactions
US7240824B2 (en) * 2003-09-19 2007-07-10 International Business Machines Corporation Using radio frequency identification with customer loyalty cards to detect and/or prevent theft and shoplifting
GB2406925B (en) * 2003-10-09 2007-01-03 Vodafone Plc Facilitating and authenticating transactions
US7204412B2 (en) 2003-10-14 2007-04-17 Compucredit Intellectual Property Holdings Corp. Iii Family stored value card program
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US7653602B2 (en) * 2003-11-06 2010-01-26 Visa U.S.A. Inc. Centralized electronic commerce card transactions
US7039611B2 (en) * 2003-11-06 2006-05-02 Visa U.S.A., Inc. Managing attempts to initiate authentication of electronic commerce card transactions
US20050160264A1 (en) * 2004-01-21 2005-07-21 Reid Kuhn Trusted authentication credential exchange methods and apparatuses
US7236957B2 (en) * 2004-02-10 2007-06-26 Bottomline Technologies (De) Inc. Method for remotely authorizing a payment transaction file over an open network
US20050177504A1 (en) * 2004-02-10 2005-08-11 Bottomline Technologies (De) Inc. System and method for remotely authorizing a payment transaction file over an open network
US20050203843A1 (en) * 2004-03-12 2005-09-15 Wood George L. Internet debit system
US7413112B2 (en) * 2004-03-16 2008-08-19 American Express Travel Related Services Company, Inc. Method and system for manual authorization
US20050234822A1 (en) * 2004-04-16 2005-10-20 First Data Corporation Methods and systems for universal transaction processing
US8762283B2 (en) * 2004-05-03 2014-06-24 Visa International Service Association Multiple party benefit from an online authentication service
US9542671B2 (en) * 2004-05-12 2017-01-10 Paypal, Inc. Method and system to facilitate securely processing a payment for an online transaction
US9245266B2 (en) 2004-06-16 2016-01-26 Callahan Cellular L.L.C. Auditable privacy policies in a distributed hierarchical identity management system
US8527752B2 (en) 2004-06-16 2013-09-03 Dormarke Assets Limited Liability Graduated authentication in an identity management system
US8504704B2 (en) 2004-06-16 2013-08-06 Dormarke Assets Limited Liability Company Distributed contact information management
US7314164B2 (en) 2004-07-01 2008-01-01 American Express Travel Related Services Company, Inc. System for biometric security using a smartcard
US7341181B2 (en) 2004-07-01 2008-03-11 American Express Travel Related Services Company, Inc. Method for biometric security using a smartcard
US7314165B2 (en) * 2004-07-01 2008-01-01 American Express Travel Related Services Company, Inc. Method and system for smellprint recognition biometrics on a smartcard
US7363504B2 (en) 2004-07-01 2008-04-22 American Express Travel Related Services Company, Inc. Method and system for keystroke scan recognition biometrics on a smartcard
US7325724B2 (en) 2004-07-01 2008-02-05 American Express Travel Related Services Company, Inc. Method for registering a biometric for use with a smartcard
US7318550B2 (en) 2004-07-01 2008-01-15 American Express Travel Related Services Company, Inc. Biometric safeguard method for use with a smartcard
US7904306B2 (en) 2004-09-01 2011-03-08 Search America, Inc. Method and apparatus for assessing credit for healthcare patients
KR100670779B1 (en) * 2004-10-22 2007-01-17 한국전자통신연구원 Automated teller machine having an accessing point and method for providing financial service using the same
EP1825432A4 (en) * 2004-11-04 2009-07-29 Telcordia Tech Inc System and method for trust management
US7210620B2 (en) * 2005-01-04 2007-05-01 Ameriprise Financial, Inc. System for facilitating online electronic transactions
US8768838B1 (en) 2005-02-02 2014-07-01 Nexus Payments, LLC Financial transactions using a rule-module nexus and a user account registry
US8140527B2 (en) 2005-03-01 2012-03-20 Nokia Corporation Retrieving personal user information for storage in a device
US20060229998A1 (en) * 2005-03-31 2006-10-12 Mark Harrison Payment via financial service provider using network-based device
CN102368325A (en) * 2005-04-19 2012-03-07 微软公司 Network commercial transactions
US7849020B2 (en) * 2005-04-19 2010-12-07 Microsoft Corporation Method and apparatus for network transactions
US20060235795A1 (en) * 2005-04-19 2006-10-19 Microsoft Corporation Secure network commercial transactions
US8996423B2 (en) * 2005-04-19 2015-03-31 Microsoft Corporation Authentication for a commercial transaction using a mobile module
US8185877B1 (en) 2005-06-22 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for testing applications
US7831520B2 (en) * 2005-06-28 2010-11-09 Ebay Inc. Mobile device communication system
JP5503819B2 (en) * 2005-08-09 2014-05-28 カーディナル コマース コーポレーション Web terminal and bridge to support the transfer of authentication data to the merchant contract company for payment processing
US9065643B2 (en) 2006-04-05 2015-06-23 Visa U.S.A. Inc. System and method for account identifier obfuscation
US8583926B1 (en) 2005-09-19 2013-11-12 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
EP2696317A1 (en) * 2012-08-06 2014-02-12 Saf-T-Pay, Inc. Payment system and clearinghouse of internet transactions
EP1941443A4 (en) * 2005-09-28 2012-12-19 Saf T Pay Inc Payment system and clearinghouse of internet transactions
US20120323735A1 (en) * 2005-09-28 2012-12-20 Saf-T-Pay, Inc. Payment system and clearinghouse of internet transactions
US20060026073A1 (en) * 2005-10-24 2006-02-02 Kenny Edwin R Jr Methods and Systems for Managing Card Programs and Processing Card Transactions
US8694435B1 (en) * 2005-11-14 2014-04-08 American Express Travel Related Services Company, Inc. System and method for linking point of sale devices within a virtual network
US9177338B2 (en) 2005-12-29 2015-11-03 Oncircle, Inc. Software, systems, and methods for processing digital bearer instruments
US20070162366A1 (en) * 2005-12-30 2007-07-12 Ebay Inc. Anti-phishing communication system
WO2007118178A3 (en) * 2006-04-05 2007-12-13 Gary E Gerber Methods and systems for enhanced consumer payment
WO2007121474A3 (en) * 2006-04-18 2008-02-28 James Shaw-Han Kuo System and method for secure online transaction
US20070286076A1 (en) 2006-04-29 2007-12-13 Navio Systems, Inc. Enhanced title processing arrangement
US20070265946A1 (en) * 2006-05-10 2007-11-15 International Business Machines Corporation Aggregating event indicators
US8589238B2 (en) * 2006-05-31 2013-11-19 Open Invention Network, Llc System and architecture for merchant integration of a biometric payment system
US20070288323A1 (en) * 2006-06-07 2007-12-13 Dani Halevy Method and System for Verifying the Integrity of an On-Line Vendor
US7818264B2 (en) 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
US8793490B1 (en) 2006-07-14 2014-07-29 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
WO2008014321A3 (en) * 2006-07-26 2008-08-21 Joseph Sally System for managing multiple credit accounts
US8036979B1 (en) 2006-10-05 2011-10-11 Experian Information Solutions, Inc. System and method for generating a finance attribute from tradeline data
US8335745B2 (en) 2006-10-11 2012-12-18 Visa International Service Association Method and system for processing micropayment transactions
US10068220B2 (en) * 2006-10-11 2018-09-04 Visa International Service Association Systems and methods for brokered authentication express seller links
US7966262B2 (en) * 2006-10-31 2011-06-21 Radiant Systems, Inc. Pay at pump encryption device
US20080243693A1 (en) * 2006-11-15 2008-10-02 Navio Systems, Inc. Title-acceptance and processing architecture
WO2008059465A3 (en) * 2006-11-16 2008-07-10 Net 1 Ueps Technologies Inc Secure financial transactions
US7606766B2 (en) * 2006-12-21 2009-10-20 American Express Travel Related Services Company, Inc. Computer system and computer-implemented method for selecting invoice settlement options
US20080162362A1 (en) * 2006-12-28 2008-07-03 Microsoft Corporation Increasing transaction authenticity with product license keys
US7810134B2 (en) * 2007-01-22 2010-10-05 First Data Corporation Authentication system for financial transactions
US9418501B2 (en) * 2007-02-05 2016-08-16 First Data Corporation Method for digital signature authentication of pin-less debit card account transactions
US20080207234A1 (en) * 2007-02-22 2008-08-28 First Data Corporation Marketing messages in mobile commerce
US20080208688A1 (en) * 2007-02-22 2008-08-28 First Data Corporation Methods and systems for handling of mobile discount certificates using mobile devices
US20080208743A1 (en) * 2007-02-22 2008-08-28 First Data Corporation Transfer of value between mobile devices in a mobile commerce system
US20080208762A1 (en) * 2007-02-22 2008-08-28 First Data Corporation Payments using a mobile commerce device
US10102518B2 (en) * 2007-02-22 2018-10-16 First Data Corporation Enrollment and registration of a device in a mobile commerce system
US8566239B2 (en) * 2007-02-22 2013-10-22 First Data Corporation Mobile commerce systems and methods
US20080223918A1 (en) * 2007-03-15 2008-09-18 Microsoft Corporation Payment tokens
US8370913B2 (en) 2007-03-16 2013-02-05 Apple Inc. Policy-based auditing of identity credential disclosure by a secure token service
US8151324B2 (en) 2007-03-16 2012-04-03 Lloyd Leon Burch Remotable information cards
CA2682610A1 (en) * 2007-04-03 2008-10-09 Cpni Inc. A system and method for merchant discovery and transfer of payment data
US8548908B2 (en) * 2007-04-11 2013-10-01 First Data Corporation Mobile commerce infrastructure systems and methods
KR20080096863A (en) * 2007-04-19 2008-11-04 주진용 Settlement system of accounts by on-line and settlement method thereof
US8473735B1 (en) 2007-05-17 2013-06-25 Jpmorgan Chase Systems and methods for managing digital certificates
US8725638B2 (en) * 2007-05-18 2014-05-13 Visa U.S.A. Inc. Method and system for payment authorization and card presentation using pre-issued identities
WO2008148118A3 (en) * 2007-05-25 2009-08-27 Metafos Inc. Anonymous online payment systems and methods
GB0803468D0 (en) * 2007-06-12 2008-04-02 Cvon Innovations Ltd Method and sytem for managing credits via a mobile device
EP2165499B1 (en) * 2007-06-22 2013-01-30 Gemalto SA A method of preventing web browser extensions from hijacking user information
US8121942B2 (en) 2007-06-25 2012-02-21 Visa U.S.A. Inc. Systems and methods for secure and transparent cardless transactions
EP2026266B1 (en) * 2007-07-27 2011-02-16 NTT DoCoMo, Inc. Method and apparatus for performing delegated transactions
EP2026267A1 (en) * 2007-07-31 2009-02-18 Nederlandse Organisatie voor toegepast- natuurwetenschappelijk onderzoek TNO Issuing electronic vouchers
US20090037311A1 (en) * 2007-08-03 2009-02-05 Ralph Mahmoud Omar system for and a method of a multifunction transaction
WO2009023747A3 (en) * 2007-08-14 2010-01-14 Delaware Capital Formation, Inc. Method and system for secure remote transfer of master key for automated teller banking machine
US20090106152A1 (en) * 2007-10-17 2009-04-23 The Western Union Company Money transfers utilizing unique receiver identifier
US20090265272A1 (en) * 2007-10-17 2009-10-22 The Western Union Company Money transfers utilizing a unique receiver identifier
US20100250436A1 (en) * 2007-10-17 2010-09-30 The Western Union Company Mobile customer service centers with a mobile pickup model
US9177313B1 (en) * 2007-10-18 2015-11-03 Jpmorgan Chase Bank, N.A. System and method for issuing, circulating and trading financial instruments with smart features
US9349127B2 (en) * 2007-11-29 2016-05-24 Visa Usa Inc. Serial number and payment data based payment card processing
US8396799B2 (en) 2007-11-29 2013-03-12 Visa U.S.A. Inc. Media device payments remote control personalization and protection
US8127986B1 (en) 2007-12-14 2012-03-06 Consumerinfo.Com, Inc. Card registry systems and methods
US10002384B1 (en) * 2007-12-20 2018-06-19 Jpmorgan Chase Bank, N.A. Automated card notification system and method
US20090171839A1 (en) * 2007-12-28 2009-07-02 Rosano Sharon A Systems and methods for processing recurring payment transactions
WO2009091611A1 (en) 2008-01-18 2009-07-23 Identrust, Inc. Binding a digital certificate to multiple trust domains
US8321682B1 (en) 2008-01-24 2012-11-27 Jpmorgan Chase Bank, N.A. System and method for generating and managing administrator passwords
US8468576B2 (en) 2008-02-11 2013-06-18 Apple Inc. System and method for application-integrated information card selection
US20090204542A1 (en) * 2008-02-11 2009-08-13 Novell, Inc. Privately sharing relying party reputation with information card selectors
US8079069B2 (en) * 2008-03-24 2011-12-13 Oracle International Corporation Cardspace history validator
US8286865B2 (en) * 2008-04-14 2012-10-16 Lockstep Technologies Pty Ltd Authenticating electronic financial transactions
US20090271856A1 (en) * 2008-04-24 2009-10-29 Novell, Inc. A Delaware Corporation Restricted use information cards
US8312033B1 (en) 2008-06-26 2012-11-13 Experian Marketing Solutions, Inc. Systems and methods for providing an integrated identifier
US9324098B1 (en) 2008-07-22 2016-04-26 Amazon Technologies, Inc. Hosted payment service system and method
US9256904B1 (en) 2008-08-14 2016-02-09 Experian Information Solutions, Inc. Multi-bureau credit file freeze and unfreeze
US8561172B2 (en) * 2008-08-29 2013-10-15 Novell Intellectual Property Holdings, Inc. System and method for virtual information cards
US20100063926A1 (en) * 2008-09-09 2010-03-11 Damon Charles Hougland Payment application framework
US9747621B1 (en) 2008-09-23 2017-08-29 Amazon Technologies, Inc. Widget-based integration of payment gateway functionality into transactional sites
US8965811B2 (en) * 2008-10-04 2015-02-24 Mastercard International Incorporated Methods and systems for using physical payment cards in secure E-commerce transactions
US8612305B2 (en) * 2008-10-31 2013-12-17 Visa International Service Association User enhanced authentication system for online purchases
US20110313947A1 (en) * 2008-11-18 2011-12-22 Moonstone Information Refinery International Pty Ltd Financial Practice Management System and Method
US7827108B2 (en) 2008-11-21 2010-11-02 Visa U.S.A. Inc. System and method of validating a relationship between a user and a user account at a financial institution
US8083135B2 (en) 2009-01-12 2011-12-27 Novell, Inc. Information card overlay
US8632003B2 (en) 2009-01-27 2014-01-21 Novell, Inc. Multiple persona information cards
GB0901589D0 (en) * 2009-01-30 2009-03-11 Omar Ralph M Improvements relating to multifunction authentication systems
US20100312703A1 (en) * 2009-06-03 2010-12-09 Ashish Kulpati System and method for providing authentication for card not present transactions using mobile device
US8065193B2 (en) 2009-06-06 2011-11-22 Bullock Roddy Mckee Method for making money on the internet
US8103553B2 (en) * 2009-06-06 2012-01-24 Bullock Roddy Mckee Method for making money on internet news sites and blogs
US20100332337A1 (en) * 2009-06-25 2010-12-30 Bullock Roddy Mckee Universal one-click online payment method and system
EP2446408A4 (en) * 2009-06-25 2013-02-27 Ericsson Telefon Ab L M Method and arrangement for enabling a media purchase
US9608826B2 (en) 2009-06-29 2017-03-28 Jpmorgan Chase Bank, N.A. System and method for partner key management
JP5657672B2 (en) * 2009-09-17 2015-01-21 ロイヤル カナディアン ミントRoyal Canadian Mint Reliable message storage, transfer protocols and systems
US20110083018A1 (en) * 2009-10-06 2011-04-07 Validity Sensors, Inc. Secure User Authentication
US8280788B2 (en) 2009-10-29 2012-10-02 Visa International Service Association Peer-to-peer and group financial management systems and methods
US8676639B2 (en) 2009-10-29 2014-03-18 Visa International Service Association System and method for promotion processing and authorization
US20110106715A1 (en) * 2009-10-30 2011-05-05 Bizilia Stephen J Family membership of businesses and consumers bound together by credit and debit cards for safety
EP2526517B1 (en) * 2010-01-19 2018-08-08 Visa International Service Association Token based transaction authentication
US20110191160A1 (en) * 2010-01-29 2011-08-04 Bank Of America Corporation Mobile payment device for conducting transactions associated with a merchant offer program
US8601266B2 (en) 2010-03-31 2013-12-03 Visa International Service Association Mutual mobile authentication using a key management center
US9317850B2 (en) * 2010-04-05 2016-04-19 Cardinalcommerce Corporation Method and system for processing PIN debit transactions
US8489894B2 (en) * 2010-05-26 2013-07-16 Paymetric, Inc. Reference token service
US20110313898A1 (en) * 2010-06-21 2011-12-22 Ebay Inc. Systems and methods for facitiating card verification over a network
US8744956B1 (en) 2010-07-01 2014-06-03 Experian Information Solutions, Inc. Systems and methods for permission arbitrated transaction services
US8931058B2 (en) 2010-07-01 2015-01-06 Experian Information Solutions, Inc. Systems and methods for permission arbitrated transaction services
US9342832B2 (en) * 2010-08-12 2016-05-17 Visa International Service Association Securing external systems with account token substitution
CA3013973A1 (en) * 2010-08-25 2012-03-01 Ace Series A. Holdco Llc Authorization of cash delivery
US9536366B2 (en) 2010-08-31 2017-01-03 Democracyontheweb, Llc Systems and methods for voting
US8762451B2 (en) * 2010-09-03 2014-06-24 Visa International Service Association System and method for custom service markets
US20120072346A1 (en) * 2010-09-16 2012-03-22 Yomir Sp System and method for securing and authenticating purchase transactions
CN101957958A (en) * 2010-09-19 2011-01-26 中兴通讯股份有限公司 Method and mobile phone terminal for realizing network payment
US8898086B2 (en) 2010-09-27 2014-11-25 Fidelity National Information Services Systems and methods for transmitting financial account information
EP2455922A1 (en) * 2010-11-17 2012-05-23 Inside Secure NFC transaction method and system
US9147042B1 (en) 2010-11-22 2015-09-29 Experian Information Solutions, Inc. Systems and methods for data verification
US9652769B1 (en) 2010-11-30 2017-05-16 Carbonite, Inc. Methods, apparatus and systems for securely storing and/or accessing payment information or other sensitive information based on tokens
US8762284B2 (en) 2010-12-16 2014-06-24 Democracyontheweb, Llc Systems and methods for facilitating secure transactions
KR101807764B1 (en) * 2010-12-31 2018-01-19 주식회사 케이티 Method and system for providing financial service
US20120197801A1 (en) * 2011-01-27 2012-08-02 Day Jimenez Merchant payment system and method for mobile phones
US20120215584A1 (en) 2011-02-18 2012-08-23 Leapset, Inc. Tracking off-line commerce and online activity
CN102694781B (en) * 2011-03-24 2015-12-16 中国银联股份有限公司 Security information interaction system and method for Internet-based
US8444052B2 (en) * 2011-04-05 2013-05-21 Rev Worldwide, Inc. Method and device for merchant authentication
US8688589B2 (en) 2011-04-15 2014-04-01 Shift4 Corporation Method and system for utilizing authorization factor pools
US9818111B2 (en) 2011-04-15 2017-11-14 Shift4 Corporation Merchant-based token sharing
EP2697756A4 (en) * 2011-04-15 2014-09-10 Shift4 Corp Method and system for enabling merchants to share tokens
US8433657B2 (en) * 2011-04-15 2013-04-30 Ofinno Technologies, Llc Secure and mobile financial transaction
US9256874B2 (en) 2011-04-15 2016-02-09 Shift4 Corporation Method and system for enabling merchants to share tokens
US9037963B1 (en) 2011-04-22 2015-05-19 Amazon Technologies, Inc. Secure cross-domain web browser communications
US20120317036A1 (en) * 2011-06-07 2012-12-13 Bower Mark F Payment card processing system with structure preserving encryption
US9607336B1 (en) 2011-06-16 2017-03-28 Consumerinfo.Com, Inc. Providing credit inquiry alerts
US20150120561A1 (en) * 2011-06-17 2015-04-30 Premier Healthcare Exchange, Inc. Healthcare Transaction Facilitation Platform Apparatuses, Methods and Systems
US8484105B2 (en) * 2011-06-27 2013-07-09 Capital Confirmation, Inc. System and method for providing business audit responses from legal professional
US20120330788A1 (en) * 2011-06-27 2012-12-27 Robert Hanson Payment selection and authorization by a mobile device
US8510185B2 (en) 2011-06-27 2013-08-13 Capital Confirmation, Inc. Systems and methods for obtaining automated third-party audit confirmations including client physical signatures, pin access, and multiple responders
US10055740B2 (en) 2011-06-27 2018-08-21 Amazon Technologies, Inc. Payment selection and authorization
US8543475B2 (en) 2011-06-27 2013-09-24 Capital Confirmation, Inc. System and method for obtaining automated third-party confirmations in receivables factoring
US20130006872A1 (en) * 2011-06-29 2013-01-03 Chandoor Madhuri Near-field communication based payment methods
US20130024377A1 (en) * 2011-07-20 2013-01-24 Daryl Stong Methods And Systems For Securing Transactions And Authenticating The Granting Of Permission To Perform Various Functions Over A Network
WO2013019519A1 (en) * 2011-08-02 2013-02-07 Rights Over Ip, Llc Rights-based system
FR2980017A1 (en) * 2011-09-14 2013-03-15 Oberthur Technologies System and method for processing a financial transaction
US9106691B1 (en) 2011-09-16 2015-08-11 Consumerinfo.Com, Inc. Systems and methods of identity protection and management
US20130073463A1 (en) * 2011-09-19 2013-03-21 James Dimmick Issuer trusted party system
FI20115945A0 (en) * 2011-09-28 2011-09-28 Onsun Oy Payment system
US8738516B1 (en) 2011-10-13 2014-05-27 Consumerinfo.Com, Inc. Debt services candidate locator
US20140108260A1 (en) * 2011-10-17 2014-04-17 Capital One Financial Corporation System and method for token-based payments
US20130185210A1 (en) * 2011-10-21 2013-07-18 The Board of Trustees of the Leland Stanford, Junior, University Method and System for Making Digital Payments
WO2013066405A1 (en) * 2011-11-04 2013-05-10 Alclear, Llc System and method for a financial transaction system having a secure biometric verification system
US20130132281A1 (en) * 2011-11-22 2013-05-23 Xerox Corporation Computer-implemented method for capturing data using provided instructions
EP2613287B1 (en) * 2012-01-04 2017-12-06 Barclays Bank PLC Computer system and method for initiating payments based on cheques
US20130185214A1 (en) * 2012-01-12 2013-07-18 Firethorn Mobile Inc. System and Method For Secure Offline Payment Transactions Using A Portable Computing Device
CA2862020C (en) * 2012-01-19 2018-03-20 Mastercard International Incorporated System and method to enable a network of digital wallets
US20130191272A1 (en) * 2012-01-20 2013-07-25 The Western Union Company Systems and Methods for Division and Identification of Financial Transfers
US8898088B2 (en) 2012-02-29 2014-11-25 Google Inc. In-card access control and monotonic counters for offline payment processing system
US8959034B2 (en) * 2012-02-29 2015-02-17 Google Inc. Transaction signature for offline payment processing system
US9020858B2 (en) 2012-02-29 2015-04-28 Google Inc. Presence-of-card code for offline payment processing system
US9760939B2 (en) * 2012-03-23 2017-09-12 The Toronto-Dominion Bank System and method for downloading an electronic product to a pin-pad terminal using a directly-transmitted electronic shopping basket entry
US9842335B2 (en) * 2012-03-23 2017-12-12 The Toronto-Dominion Bank System and method for authenticating a payment terminal
US9152957B2 (en) 2012-03-23 2015-10-06 The Toronto-Dominion Bank System and method for downloading an electronic product to a pin-pad terminal after validating an electronic shopping basket entry
US20130282588A1 (en) * 2012-04-22 2013-10-24 John Hruska Consumer, Merchant and Mobile Device Specific, Real-Time Dynamic Tokenization Activation within a Secure Mobile-Wallet Financial Transaction System
EP2850772A4 (en) * 2012-05-04 2016-02-17 Institutional Cash Distributors Technology Llc Secure transaction object creation, propagation and invocation
US20140331058A1 (en) * 2013-05-06 2014-11-06 Institutional Cash Distributors Technology, Llc Encapsulated security tokens for electronic transactions
US9853959B1 (en) 2012-05-07 2017-12-26 Consumerinfo.Com, Inc. Storage and maintenance of personal data
US20130297385A1 (en) * 2012-05-07 2013-11-07 Opentv, Inc. System and apparatus for reselling digital media rights
US9710805B2 (en) 2012-06-18 2017-07-18 Paypal, Inc. Prepaid wallet for merchants
US9053312B2 (en) 2012-06-19 2015-06-09 Paychief, Llc Methods and systems for providing bidirectional authentication
US20130346291A1 (en) * 2012-06-22 2013-12-26 Paychief Llc Systems and methods for purchasing products or services through the use of a symbology
US8997184B2 (en) 2012-06-22 2015-03-31 Paychief Llc Systems and methods for providing a one-time authorization
US9043609B2 (en) 2012-07-19 2015-05-26 Bank Of America Corporation Implementing security measures for authorized tokens used in mobile transactions
US9530130B2 (en) 2012-07-30 2016-12-27 Mastercard International Incorporated Systems and methods for correction of information in card-not-present account-on-file transactions
US20140074722A1 (en) * 2012-09-12 2014-03-13 Microsoft Corporation Use of state objects in near field communication (nfc) transactions
US8700525B1 (en) * 2012-10-17 2014-04-15 Vantiv, Llc Systems, methods and apparatus for variable settlement accounts
US20140122196A1 (en) * 2012-10-29 2014-05-01 Yub, Inc Secure vault for online-to-offline transactions
US9654541B1 (en) 2012-11-12 2017-05-16 Consumerinfo.Com, Inc. Aggregating user web browsing data
US8856894B1 (en) 2012-11-28 2014-10-07 Consumerinfo.Com, Inc. Always on authentication
US9916621B1 (en) 2012-11-30 2018-03-13 Consumerinfo.Com, Inc. Presentation of credit score factors
EP2738724A1 (en) * 2012-12-03 2014-06-04 The Roberto Giori Company Ltd. System and method for transferring electronic money
US20140164243A1 (en) * 2012-12-07 2014-06-12 Christian Aabye Dynamic Account Identifier With Return Real Account Identifier
US9715689B1 (en) 2012-12-17 2017-07-25 Wells Fargo Bank, N.A. Interoperable mobile wallet refund
US20140229375A1 (en) * 2013-02-11 2014-08-14 Groupon, Inc. Consumer device payment token management
US9576286B1 (en) 2013-03-11 2017-02-21 Groupon, Inc. Consumer device based point-of-sale
US9852409B2 (en) 2013-03-11 2017-12-26 Groupon, Inc. Consumer device based point-of-sale
US10102570B1 (en) 2013-03-14 2018-10-16 Consumerinfo.Com, Inc. Account vulnerability alerts
US9406085B1 (en) 2013-03-14 2016-08-02 Consumerinfo.Com, Inc. System and methods for credit dispute processing, resolution, and reporting
US9870589B1 (en) 2013-03-14 2018-01-16 Consumerinfo.Com, Inc. Credit utilization tracking and reporting
US9419957B1 (en) 2013-03-15 2016-08-16 Jpmorgan Chase Bank, N.A. Confidence-based authentication
US9633322B1 (en) 2013-03-15 2017-04-25 Consumerinfo.Com, Inc. Adjustment of knowledge-based authentication
US20140337206A1 (en) * 2013-05-10 2014-11-13 Albert Talker Electronic Currency System
US9721147B1 (en) 2013-05-23 2017-08-01 Consumerinfo.Com, Inc. Digital identity
US20140365363A1 (en) * 2013-06-07 2014-12-11 Prairie Cloudware, Inc Secure integrative vault of consumer payment instruments for use in payment processing system and method
US20140372308A1 (en) * 2013-06-17 2014-12-18 John Sheets System and method using merchant token
EP2819050A1 (en) * 2013-06-25 2014-12-31 Aliaslab S.p.A. Electronic signature system for an electronic document using a third-party authentication circuit
US20150006384A1 (en) * 2013-06-28 2015-01-01 Zahid Nasiruddin Shaikh Device fingerprinting
US9032213B2 (en) * 2013-07-25 2015-05-12 Fujitsu Limited Data distribution path verification
US9928493B2 (en) 2013-09-27 2018-03-27 Groupon, Inc. Systems and methods for providing consumer facing point-of-sale interfaces
US20150142658A1 (en) * 2013-11-19 2015-05-21 Tencent Technology (Shenzhen) Company Limited Payment binding management method, payment server, client, and system
US9477737B1 (en) 2013-11-20 2016-10-25 Consumerinfo.Com, Inc. Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules
USD759689S1 (en) 2014-03-25 2016-06-21 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
USD760256S1 (en) 2014-03-25 2016-06-28 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
USD759690S1 (en) 2014-03-25 2016-06-21 Consumerinfo.Com, Inc. Display screen or portion thereof with graphical user interface
US9892457B1 (en) 2014-04-16 2018-02-13 Consumerinfo.Com, Inc. Providing credit data in search results
US20150317613A1 (en) * 2014-04-30 2015-11-05 Mastercard International Incorporated Systems and methods for providing anonymized transaction data to third-parties
US20160094543A1 (en) * 2014-09-30 2016-03-31 Citrix Systems, Inc. Federated full domain logon
US9697517B1 (en) * 2014-10-03 2017-07-04 State Farm Mutual Automobile Insurance Company Token generation in providing a secure credit card payment service without storing credit card data on merchant servers
US9256870B1 (en) 2014-12-02 2016-02-09 Mastercard International Incorporated Methods and systems for updating expiry information of an account
US9607189B2 (en) 2015-01-14 2017-03-28 Tactilis Sdn Bhd Smart card system comprising a card and a carrier
US10037528B2 (en) 2015-01-14 2018-07-31 Tactilis Sdn Bhd Biometric device utilizing finger sequence for authentication
US9998978B2 (en) 2015-04-16 2018-06-12 Visa International Service Association Systems and methods for processing dormant virtual access devices
GB201611229D0 (en) * 2016-06-28 2016-08-10 Comcarde Ltd Payment handling apparatus and method

Citations (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799156A (en) * 1986-10-01 1989-01-17 Strategic Processing Corporation Interactive market management system
US4947028A (en) * 1988-07-19 1990-08-07 Arbor International, Inc. Automated order and payment system
WO1995016971A1 (en) * 1993-12-16 1995-06-22 Open Market, Inc. Digital active advertising
US5495533A (en) * 1994-04-29 1996-02-27 International Business Machines Corporation Personal key archive
US5557518A (en) * 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
US5590197A (en) 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
US5594796A (en) * 1994-10-05 1997-01-14 Motorola, Inc. Method and apparatus for detecting unauthorized distribution of data
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system
US5677955A (en) * 1995-04-07 1997-10-14 Financial Services Technology Consortium Electronic funds transfer instruments
WO1997041540A1 (en) 1996-04-26 1997-11-06 Verifone, Inc. A system, method and article of manufacture for network electronic authorization utilizing an authorization instrument
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system
JPH1063925A (en) * 1996-08-26 1998-03-06 Aimu:Kk Account settling system by credit card on internet unnecessitating encipherment of credit card number
WO1998014921A1 (en) 1996-10-04 1998-04-09 Certco, Llc Payment and transactions in electronic commerce system
US5744787A (en) 1994-09-25 1998-04-28 Advanced Retail Systems Ltd. System and method for retail
WO1998021679A1 (en) 1996-11-13 1998-05-22 Microsoft Corporation System and method for conducting commerce over a distributed network
US5757917A (en) * 1995-11-01 1998-05-26 First Virtual Holdings Incorporated Computerized payment system for purchasing goods and services on the internet
US5790677A (en) * 1995-06-29 1998-08-04 Microsoft Corporation System and method for secure electronic commerce transactions
US5790025A (en) * 1996-08-01 1998-08-04 International Business Machines Corporation Tamper detection using bulk multiple scattering
US5805798A (en) * 1996-10-29 1998-09-08 Electronic Data Systems Corporation Fail-safe event driven transaction processing system and method
US5812776A (en) * 1995-06-07 1998-09-22 Open Market, Inc. Method of providing internet pages by mapping telephone number provided by client to URL and returning the same in a redirect command by server
US5822737A (en) * 1996-02-05 1998-10-13 Ogram; Mark E. Financial transaction system
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US5825881A (en) * 1996-06-28 1998-10-20 Allsoft Distributing Inc. Public network merchandising system
US5826242A (en) * 1995-10-06 1998-10-20 Netscape Communications Corporation Method of on-line shopping utilizing persistent client state in a hypertext transfer protocol based client-server system
US5850446A (en) 1996-06-17 1998-12-15 Verifone, Inc. System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible architecture
US5930777A (en) * 1997-04-15 1999-07-27 Barber; Timothy P. Method of charging for pay-per-access information over a network
US5974146A (en) * 1997-07-30 1999-10-26 Huntington Bancshares Incorporated Real time bank-centric universal payment system
US5991750A (en) * 1997-10-24 1999-11-23 Ge Capital System and method for pre-authorization of individual account transactions
US6014636A (en) * 1997-05-06 2000-01-11 Lucent Technologies Inc. Point of sale method and system
US6016484A (en) * 1996-04-26 2000-01-18 Verifone, Inc. System, method and article of manufacture for network electronic payment instrument and certification of payment and credit collection utilizing a payment
US6023682A (en) * 1997-10-21 2000-02-08 At&T Corporation Method and apparatus for credit card purchase authorization utilizing a comparison of a purchase token with test information
US6058381A (en) * 1996-10-30 2000-05-02 Nelson; Theodor Holm Many-to-many payments system for network content materials
US6163771A (en) * 1997-08-28 2000-12-19 Walker Digital, Llc Method and device for generating a single-use financial account number

Patent Citations (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799156A (en) * 1986-10-01 1989-01-17 Strategic Processing Corporation Interactive market management system
US4947028A (en) * 1988-07-19 1990-08-07 Arbor International, Inc. Automated order and payment system
US4947028B1 (en) * 1988-07-19 1993-06-08 U S Order Inc
WO1995016971A1 (en) * 1993-12-16 1995-06-22 Open Market, Inc. Digital active advertising
US5724424A (en) * 1993-12-16 1998-03-03 Open Market, Inc. Digital active advertising
US6049785A (en) * 1993-12-16 2000-04-11 Open Market, Inc. Open network payment system for providing for authentication of payment orders based on a confirmation electronic mail message
US5703949A (en) * 1994-04-28 1997-12-30 Citibank, N.A. Method for establishing secure communications among processing devices
US5621797A (en) * 1994-04-28 1997-04-15 Citibank, N.A. Electronic ticket presentation and transfer method
US5642419A (en) * 1994-04-28 1997-06-24 Citibank N.A. Method for acquiring and revalidating an electronic credential
US5557518A (en) * 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
US5495533A (en) * 1994-04-29 1996-02-27 International Business Machines Corporation Personal key archive
US5744787A (en) 1994-09-25 1998-04-28 Advanced Retail Systems Ltd. System and method for retail
US5594796A (en) * 1994-10-05 1997-01-14 Motorola, Inc. Method and apparatus for detecting unauthorized distribution of data
US5715314A (en) * 1994-10-24 1998-02-03 Open Market, Inc. Network sales system
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US5590197A (en) 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
US5677955A (en) * 1995-04-07 1997-10-14 Financial Services Technology Consortium Electronic funds transfer instruments
US5812776A (en) * 1995-06-07 1998-09-22 Open Market, Inc. Method of providing internet pages by mapping telephone number provided by client to URL and returning the same in a redirect command by server
US5790677A (en) * 1995-06-29 1998-08-04 Microsoft Corporation System and method for secure electronic commerce transactions
US5826242A (en) * 1995-10-06 1998-10-20 Netscape Communications Corporation Method of on-line shopping utilizing persistent client state in a hypertext transfer protocol based client-server system
US5757917A (en) * 1995-11-01 1998-05-26 First Virtual Holdings Incorporated Computerized payment system for purchasing goods and services on the internet
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system
US5822737A (en) * 1996-02-05 1998-10-13 Ogram; Mark E. Financial transaction system
US6016484A (en) * 1996-04-26 2000-01-18 Verifone, Inc. System, method and article of manufacture for network electronic payment instrument and certification of payment and credit collection utilizing a payment
WO1997041540A1 (en) 1996-04-26 1997-11-06 Verifone, Inc. A system, method and article of manufacture for network electronic authorization utilizing an authorization instrument
US5850446A (en) 1996-06-17 1998-12-15 Verifone, Inc. System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible architecture
US5825881A (en) * 1996-06-28 1998-10-20 Allsoft Distributing Inc. Public network merchandising system
US5790025A (en) * 1996-08-01 1998-08-04 International Business Machines Corporation Tamper detection using bulk multiple scattering
JPH1063925A (en) * 1996-08-26 1998-03-06 Aimu:Kk Account settling system by credit card on internet unnecessitating encipherment of credit card number
WO1998014921A1 (en) 1996-10-04 1998-04-09 Certco, Llc Payment and transactions in electronic commerce system
US6029150A (en) * 1996-10-04 2000-02-22 Certco, Llc Payment and transactions in electronic commerce system
US5805798A (en) * 1996-10-29 1998-09-08 Electronic Data Systems Corporation Fail-safe event driven transaction processing system and method
US6058381A (en) * 1996-10-30 2000-05-02 Nelson; Theodor Holm Many-to-many payments system for network content materials
WO1998021679A1 (en) 1996-11-13 1998-05-22 Microsoft Corporation System and method for conducting commerce over a distributed network
US5930777A (en) * 1997-04-15 1999-07-27 Barber; Timothy P. Method of charging for pay-per-access information over a network
US6014636A (en) * 1997-05-06 2000-01-11 Lucent Technologies Inc. Point of sale method and system
US5974146A (en) * 1997-07-30 1999-10-26 Huntington Bancshares Incorporated Real time bank-centric universal payment system
US6163771A (en) * 1997-08-28 2000-12-19 Walker Digital, Llc Method and device for generating a single-use financial account number
US6023682A (en) * 1997-10-21 2000-02-08 At&T Corporation Method and apparatus for credit card purchase authorization utilizing a comparison of a purchase token with test information
US5991750A (en) * 1997-10-24 1999-11-23 Ge Capital System and method for pre-authorization of individual account transactions

Non-Patent Citations (11)

* Cited by examiner, † Cited by third party
Title
"GlobeSet Announces General Availability of Industry-First Server Wallet to Simplify Deployment and Support for Secure Internet Transactions," Business Wire, LookSmart, http://www.findarticles.com/cf_0/mDEN/1998_Nov_5/53177583.html, Nov. 1998, 2 pages, Austin, Texas.
"SET Secure Electronic Transaction Specification Book 1: Business Description," Version 1, pp. 1-72, May 1997.
"Tech Bytes: Cybercash Distribution Deal with Canadian Bank" American Banker, Jun. 10, 1996, v 161, issue 110, p. 16. *
Anderson et al. Description of Financial Agent Secured Transactions Authentication. *
Anderson et al., "Description of Financial Agent Secured Transactions (FAST) Authentication," Financial Technology Consortium, Fourth Draft, Dec. 2, 1998. *
L Tang, "A Set of Protocols for Micropayments in Distributed Systems," First USENIX Workshop on Electronic Commerce, http://www.usenix.org, Jul. 1995, 10 pages.
Milt Anderson et al., "Description of Financial Agent Secured Transactions (FAST) Authentication," Financial Services Technology Consortium, Fourth Draft, Dec. 2, 1998. *
O'Mahoney et al. Electronic Payment Systems, Artech House, Inc., Norwood, Ma, 1997. *
O'Mahony, Donal, Peirce, Michael and Tewari, Hitesh, Electronic Payment Systems, Artech House, Inc., Norwood, MA, 1997. *
T. Clark, "E-commerce firm opens wallet," CNET News.com, http://news.com/2102-1017-212302.html, 2002, 2 pages.
T. Clark, "Wallet software sparks SET debate," CNET New.com, http://news.com/2102-1017-212623.html, 2002, 2 pages.

Cited By (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040111379A1 (en) * 1999-02-12 2004-06-10 Mack Hicks System and method for providing certification-related and other services
US9684889B2 (en) * 1999-02-12 2017-06-20 Identrust, Inc. System and method for providing certification-related and other services
US20140289110A1 (en) * 1999-04-30 2014-09-25 Max R. Levchin Using tokens in digital wallet transactions
US9996826B2 (en) 1999-04-30 2018-06-12 Paypal, Inc. System and methods for facilitating value exchanges using mobile devices
US20110208961A1 (en) * 2004-04-12 2011-08-25 Bushman M Benjamin Secure messaging system
US20060149671A1 (en) * 2004-06-25 2006-07-06 Robert Nix Payment processing method and system
US8108317B2 (en) * 2005-08-31 2012-01-31 Hand Held Products, Inc. System and method for restricting access to a terminal
US20070067634A1 (en) * 2005-08-31 2007-03-22 Siegler Thomas A System and method for restricting access to a terminal
US20090177587A1 (en) * 2006-02-06 2009-07-09 Yt Acquisition Corporation Method and system for providing online authentication utilizing biometric data
US9911146B2 (en) * 2006-02-06 2018-03-06 Open Invention Network, Llc Method and system for providing online authentication utilizing biometric data
US20100299195A1 (en) * 2006-04-24 2010-11-25 Robert Nix Systems and methods for implementing financial transactions
US20080167888A1 (en) * 2007-01-09 2008-07-10 I4 Commerce Inc. Method and system for identification verification between at least a pair of entities
US9342823B2 (en) * 2007-06-18 2016-05-17 Lemon, Inc. Payment clearing network for electronic financial transactions and related personal financial transaction device
US20080313047A1 (en) * 2007-06-18 2008-12-18 Bling Nation, Ltd. Payment clearing network for electronic financial transactions and related personal financial transaction device
US10043178B2 (en) 2007-06-25 2018-08-07 Visa International Service Association Secure mobile payment system
US9530131B2 (en) 2008-07-29 2016-12-27 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US9898740B2 (en) 2008-11-06 2018-02-20 Visa International Service Association Online challenge-response
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US8827154B2 (en) 2009-05-15 2014-09-09 Visa International Service Association Verification of portable consumer devices
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US9582801B2 (en) 2009-05-15 2017-02-28 Visa International Service Association Secure communication of payment information to merchants using a verification token
US10009177B2 (en) 2009-05-15 2018-06-26 Visa International Service Association Integration of verification tokens with mobile communication devices
US9317848B2 (en) 2009-05-15 2016-04-19 Visa International Service Association Integration of verification tokens with mobile communication devices
US10043186B2 (en) 2009-05-15 2018-08-07 Visa International Service Association Secure authentication system and method
US9904919B2 (en) 2009-05-15 2018-02-27 Visa International Service Association Verification of portable consumer devices
US9372971B2 (en) 2009-05-15 2016-06-21 Visa International Service Association Integration of verification tokens with portable computing devices
US10049360B2 (en) 2009-05-15 2018-08-14 Visa International Service Association Secure communication of payment information to merchants using a verification token
US9792611B2 (en) 2009-05-15 2017-10-17 Visa International Service Association Secure authentication system and method
US20120284196A1 (en) * 2009-10-07 2012-11-08 Andras Vilmos Method for initiating and performing a cnp business transaction, software for the same and a communication device comprising such software
US9836735B2 (en) * 2009-10-07 2017-12-05 Andras Vilmos Method for initiating and performing a CNP business transaction, software for the same and a communication device comprising such software
US8788429B2 (en) * 2009-12-30 2014-07-22 First Data Corporation Secure transaction management
US20110161233A1 (en) * 2009-12-30 2011-06-30 First Data Corporation Secure transaction management
US20130191290A1 (en) * 2010-01-19 2013-07-25 Glencurr Pty Ltd Method, device and system for securing payment data for transmission over open communication networks
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
US9589268B2 (en) 2010-02-24 2017-03-07 Visa International Service Association Integration of payment capability into secure elements of computers
US9485258B2 (en) * 2011-02-13 2016-11-01 Openwave Mobility, Inc. Mediation system and method for restricted access item distribution
US20120209778A1 (en) * 2011-02-13 2012-08-16 Openwave Systems Inc. Mediation system and method for restricted access item distribution
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
US20130018793A1 (en) * 2011-07-15 2013-01-17 Shoon Ping Wong Methods and systems for payments assurance
US9947010B2 (en) * 2011-07-15 2018-04-17 Mastercard International Incorporated Methods and systems for payments assurance
US9704155B2 (en) 2011-07-29 2017-07-11 Visa International Service Association Passing payment tokens through an hop/sop
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10078832B2 (en) 2011-08-24 2018-09-18 Visa International Service Association Method for using barcodes and mobile devices to conduct payment transactions
US9792593B2 (en) 2011-11-23 2017-10-17 The Toronto-Dominion Bank System and method for processing an online transaction request
US9830595B2 (en) 2012-01-26 2017-11-28 Visa International Service Association System and method of providing tokenization as a service
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9846861B2 (en) 2012-07-25 2017-12-19 Visa International Service Association Upstream and downstream data conversion
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9727858B2 (en) 2012-07-26 2017-08-08 Visa U.S.A. Inc. Configurable payment tokens
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
US9660977B2 (en) * 2012-11-13 2017-05-23 Alcatel Lucent Restricted certificate enrollment for unknown devices in hotspot networks
US20160134622A1 (en) * 2012-11-13 2016-05-12 Alcatel Lucent Restricted Certificate Enrollment For Unknown Devices In Hotspot Networks
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US8694438B1 (en) * 2013-03-12 2014-04-08 Scvngr Distributed authenticity verification for consumer payment transactions
US9978062B2 (en) 2013-05-15 2018-05-22 Visa International Service Association Mobile tokenization hub
US9530289B2 (en) 2013-07-11 2016-12-27 Scvngr, Inc. Payment processing with automatic no-touch mode selection
US20150026070A1 (en) * 2013-07-16 2015-01-22 Mastercard International Incorporated Systems and methods for correlating cardholder identity attributes on a payment card network to determine payment card fraud
US9996835B2 (en) 2013-07-24 2018-06-12 Visa International Service Association Systems and methods for communicating token attributes associated with a token vault
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US9516487B2 (en) 2013-11-19 2016-12-06 Visa International Service Association Automated account provisioning
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US9972005B2 (en) 2013-12-19 2018-05-15 Visa International Service Association Cloud-based transactions methods and systems
US10062079B2 (en) 2014-01-14 2018-08-28 Visa International Service Association Payment account identifier system
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
US9680942B2 (en) 2014-05-01 2017-06-13 Visa International Service Association Data verification using access device
US9848052B2 (en) 2014-05-05 2017-12-19 Visa International Service Association System and method for token domain control
US10038563B2 (en) 2014-07-23 2018-07-31 Visa International Service Association Systems and methods for secure detokenization
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10049353B2 (en) 2014-08-22 2018-08-14 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US10057061B1 (en) * 2016-09-13 2018-08-21 Wells Fargo Bank, N.A. Secure digital communications

Also Published As

Publication number Publication date Type
US6327578B1 (en) 2001-12-04 grant
EP1017030A2 (en) 2000-07-05 application
KR100349779B1 (en) 2002-08-22 grant
JP2000194770A (en) 2000-07-14 application
EP1017030A3 (en) 2003-12-03 application
KR20000048436A (en) 2000-07-25 application

Similar Documents

Publication Publication Date Title
Cox et al. NetBill Security and Transaction Protocol.
US7280981B2 (en) Method and system for facilitating payment transactions using access devices
US6938019B1 (en) Method and apparatus for making secure electronic payments
US6157920A (en) Executable digital cash for electronic commerce
US7111789B2 (en) Enhancements to multi-party authentication and other protocols
US6941282B1 (en) Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts
US5999625A (en) Method for electronic payment system with issuer control
US6681328B1 (en) System and method for global internet digital identification
US7827115B2 (en) Online payer authentication service
US6915279B2 (en) System and method for conducting secure payment transactions
US6749114B2 (en) Universal authorization card system and method for using same
US5850442A (en) Secure world wide electronic commerce over an open network
US6049785A (en) Open network payment system for providing for authentication of payment orders based on a confirmation electronic mail message
US7146342B1 (en) Payment system and method for use in an electronic commerce system
US7379919B2 (en) Method and system for conducting secure payments over a computer network
US20010032878A1 (en) Method and system for making anonymous electronic payments on the world wide web
US7103575B1 (en) Enabling use of smart cards by consumer devices for internet commerce
US5956699A (en) System for secured credit card transactions on the internet
US20040199469A1 (en) Biometric transaction system and method
US20150052064A1 (en) Secure Remote Payment Transaction Processing Using a Secure Element
US6236972B1 (en) Method and apparatus for facilitating transactions on a commercial network system
US20070037552A1 (en) Method and system for performing two factor mutual authentication
US20030028470A1 (en) Method for providing anonymous on-line transactions
US7003480B2 (en) GUMP: grand unified meta-protocol for simple standards-based electronic commerce transactions
US5883810A (en) Electronic online commerce card with transactionproxy number for online transactions

Legal Events

Date Code Title Description
CC Certificate of correction
REMI Maintenance fee reminder mailed
FPAY Fee payment

Year of fee payment: 8

SULP Surcharge for late payment

Year of fee payment: 7

AS Assignment

Owner name: EBAY INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:029512/0567

Effective date: 20120928

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
REIN Reinstatement after maintenance fee payment confirmed
FPAY Fee payment

Year of fee payment: 12

SULP Surcharge for late payment
PRDP Patent reinstated due to the acceptance of a late maintenance fee

Effective date: 20080729

AS Assignment

Owner name: PAYPAL, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EBAY INC.;REEL/FRAME:036159/0873

Effective date: 20150717