WO2003046697A2 - Systemes de paiement pour commerce electronique - Google Patents

Systemes de paiement pour commerce electronique Download PDF

Info

Publication number
WO2003046697A2
WO2003046697A2 PCT/ZA2002/000180 ZA0200180W WO03046697A2 WO 2003046697 A2 WO2003046697 A2 WO 2003046697A2 ZA 0200180 W ZA0200180 W ZA 0200180W WO 03046697 A2 WO03046697 A2 WO 03046697A2
Authority
WO
WIPO (PCT)
Prior art keywords
customer
merchant
bank
message
smart device
Prior art date
Application number
PCT/ZA2002/000180
Other languages
English (en)
Other versions
WO2003046697A3 (fr
Inventor
Valentin Kisimov
Desmond Seeley
Original Assignee
Valentin Kisimov
Desmond Seeley
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Valentin Kisimov, Desmond Seeley filed Critical Valentin Kisimov
Priority to AU2002365598A priority Critical patent/AU2002365598A1/en
Publication of WO2003046697A2 publication Critical patent/WO2003046697A2/fr
Publication of WO2003046697A3 publication Critical patent/WO2003046697A3/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes

Definitions

  • This invention relates to payment systems for electronic-commerce (e- commerce), implementing secure communications and transactions for use over the Internet, i.e. public network.
  • the field of computing generally and particularly in relation to the Internet, is replete with jargon, acronyms and terms and phrases that have specialised meanings that may vary with context and that sometimes are unrelated to their literal construction. Thus, the meanings of some terms used herein are defined in the glossary at the end of this specification.
  • On-line payment systems are the basis of e-commerce.
  • Existing on-line payment systems generally work with customers' credit cards, debit cards or some form of electronic money.
  • Both customer and merchant are at risk when working with credit cards.
  • an e-merchant is exposed to the use of fraudulent credit cards or credit card numbers; this risk may be insured against or losses may be absorbed using appropriate transaction-risk assessment accounting.
  • the customer is at risk in that his credit card number can be used fraudulently if intercepted on the Internet or if accessed from an e-merchant's data store and his financial and possibly also personal details can be sold to or used by marketers against his wishes. Additionally the customer has no guarantee for the delivery of his purchases by an e- merchant.
  • SET A payment or business protocol, known as SET, has been established in order to alleviate some of the risks set out above.
  • SET requires dedicated computer hardware and software and each banking participant to an on-line transaction, i.e. the customer's bank and the e-merchant's bank, must support the SET protocol.
  • the use of SET is currently limited, as relatively few banks have a payment gateway to support the SET protocol.
  • This invention thus seeks to provide a method for conducting e-commerce that at least ameliorates the risks to the e-merchant and customer outlined above in a manner that can be satisfactorily implemented by bank or banking service providers.
  • aspects of the invention are thus concerned with: smart card based payment mechanisms using e-money stored in the e- purse of the smart card; confirmed reputability of electronic merchants (e-merchant) through financial institutions; electronic payment to an e-merchant from a purchaser's banker without transmitting a customer's financial details therewith; hiding all payment messages relating to a particular purchase between a purchaser and his banker from the e-merchant; - hiding all purchase activities between a purchaser and an e-merchant from the purchaser's banker; preventing any of a purchaser's financial data from being stored at an e-merchant's web site; implementing high-security Internet transactions and communications between purchaser, e-merchant and the purchaser's banker; and implementing high-performance and low-cost e-commerce payment mechanisms.
  • One aspect of the invention provides a method of conducting or managing an e-commerce transaction between a customer, an e-merchant and a bank of the customer, the bank having facilities for administering e-money, the e- merchant having an e-commerce website and a public key for encryption of data, the customer having a smart device with an e-purse, the transaction including the active participation of the customer's bank, and communication links being established when required between the customer and the e- merchant, between the customer and his bank and between the e-merchant and the customer's bank, including the steps, in any suitable order, of a) permitting the customer to select at least one purchase from the e- commerce website and, in response thereto, causing at least one message to be sent from the customer to the e-merchant notifying the e-merchant of the selection; b) sending a confirmation message from the e-merchant to the customer, the confirmation message comprising the customer's selection, the public key of the e-merchant, and optionally the cost of the
  • each of the specified steps may include: a. (selecting purchases): the step of electronically or program matically indicating one or more items that are to by purchased or placed in a list or "shopping basket" for delivery when payment has been made to the e- merchant. b. (sending a confirmation message from e-merchant to customer): the steps of the e-merchant collating messages of items to be purchased received from the customer to compile a list of the items ordered with their prices and sending these to the customer with an applet, alone or in a web page, the applet causing the customer's browser to display an order form to be completed and "submitted" to the e-merchant. c.
  • checking reputability of the e-merchant the steps of sending a message from the customer to his bank, the message containing at least the e- merchant's public key and a request that the merchant's public key be signed by the bank and returned to the customer. This is to obtain a digital voucher from the customer's bank, the voucher signifying that in the bank's view the e-merchant is reliable and will in all probability deliver the purchase to the consumer satisfactorily.
  • This step includes the bank checking, using the e-merchant's public key, through its own records and/or through publicly available records that the e-merchant is not on a list of barred e-merchants, such as a Financial Certificate Revocation List (CFL) prepared by financial authorities trusted by the bank or a list prepared by the bank itself. If the bank confirms the e- merchant is reputable, then it does so by signing the e-merchant's public key with the bank's private key and sending the signed order to the customer. The customer is thus able to check the reputability of the e-merchant by verifying the signature of the e-merchant's public key by the customer's bank.
  • CFL Financial Certificate Revocation List
  • the message sent to the bank by the customer is the confirmation message of step b.
  • the reputability of the e-merchant may be authorised or vouched for by another bank in which event the customer's bank sends or passes on that other bank's public key for verification of the signing of the e-merchant's public key. This occurs when and if the customer's bank trusts that other bank. d. (debiting the customer's e-purse) the steps of causing the customer's smart device to perform a calculation to deduct the cost of the purchases from the e-purse and return (or output) a result comprising the cost of the purchase and at least one of the initial or final (i.e. after deduction of the purchase cost) balances available in the e-purse.
  • the functioning of the customer's smart device is driven by a code of the applet.
  • the applet requests appropriate actions from the smart device by sending "smart device commands" to the device.
  • Each smart device command includes operation code, optional data for transmission to the smart device and response from the smart device.
  • Part or all of each smart device command is digitally signed with the e-merchant's private key.
  • the checking of the e-merchant's reputability is executed inside the smart device; if the e- merchant is confirmed as reputable, then the e-merchant's public key is stored temporarily in the customer's smart device.
  • the payment message as a whole is preferably further secured by encrypting it with the public key of the e-merchant to protect the information on the Internet.
  • the information to be encrypted may be split into
  • f. (payment request message from the e-merchant to the customer's bank): the steps of encrypting this message using the public key of the bank and signing by the private key of the customer, which is decipherable only by the bank. This is to prevent the e-merchant altering the payment or fraudulently or illegally access the customer's e-purse or his account at his bank.
  • the e-merchant controls the operation of the method, so that the following is intended to be protected:
  • the operation by an e-merchant of e-commerce management software that performs the steps, in any suitable order, of: a) receiving at least one purchase request from a customer; b) sending at least one applet to the customer; c) sending to the customer the purchase request or a complied list of purchase requests and the e-merchant's public key; d) causing, using the applet, a message to be generated and sent from the customer to the customer's bank requesting the bank to sign the e-merchant's public key and to return same to the customer; and e) activating, using the applet with digitally signed smart device commands, the customer's smart device to cause it to debit the cost of the purchases from the e-purse therein and then cause a message to be generated and sent from the customer to the e-merchant, the message comprising the purchase list, an identification of the customer's bank and summary of the debit from
  • Another aspect of the invention provides a method of conducting or managing an e-commerce transaction between a customer and an e-merchant, the customer having a smart device and a bank associated therewith that has facilities for administering e-money, including the steps, in a suitable order, of a) when required, establishing a communication link between the customer and the e-merchant and, when required, between the e- merchant and the customer's bank; b) selecting purchases by the customer; c) sending a message from the customer to the e-merchant identifying the customer's bank; d) generating a request from the e-merchant to the customer's bank to provide the e-merchant with a digital voucher confirming the reputability of the e-merchant; e) checking the reputability of the e-merchant by the customer's bank and providing, if applicable, a suitable digital voucher to the e-merchant, the digital voucher comprising the e-merchant's public key signed by the bank with its private
  • An aspect of the invention thus provides the operation by an e-merchant of e- commerce management software that performs the steps, in any suitable order, of: a) receiving at least one purchase request from the customer; b) generating a request from the e-merchant to the customer's bank to provide the e-merchant with a digital voucher confirming the reputability of the e-merchant; c) sending a message comprising the digital voucher and the purchase list from the e-merchant to the customer to confirm the reputability of the e-merchant to the customer; d) causing, using digitally signed smart device commands in an applet, the customer's smart device to verify the validity of the digital voucher and thereafter, if valid, to debit the cost of the purchases from the customer's e-purse when the digital voucher is confirmed to be valid; e) causing, using digitally signed smart device commands in an applet, the
  • the operations performed by the customer's smart device and/or computer and by the bank are preferably caused to be performed or are performed by one or more applets sent from the e-merchant to the customer and to the bank, respectively.
  • Techniques for sending and activating applets on client machines are known to those skilled in the art.
  • the "digital voucher” comprises the e-merchant's public key and, optionally a timestamp, all signed by the voucher issuing bank.
  • the digital voucher confirms the reputability of the e-merchant to the customer.
  • time stamps includes, dates, expiry times and/or dates, credit limit data and so on.
  • the authorisation for payment messages referred to above i.e. debiting summary and identification of customer's bank, and sent from the customer to the e-merchant, are preferably encrypted. More preferably the encryption comprises a double encryption, first the part of the message concerned with the customer's financial identification is encrypted using the public key of the customer's bank and then the entire message is encrypted using the public key of the e-merchant.
  • Additional encryption mechanisms may be used, such as those disclosed in South African Patent Nos. 2001/8196 through 2001/8199, hereinafter referred to as "said SA patents".
  • SA patents Preferably, all communications between the customer and the e-merchant; between the customer and his bank; and between the e-merchant and the customer's bank, are also secured and encrypted using the high-security transactional mechanisms disclosed in said SA patents.
  • the reputability of the e-merchant may be checked or established by the bank in a number of ways, such as its own records, a CRL published by a trusted authority, a reference list maintained by or accessible to banks, and the like.
  • Confirmed reputability of an e-merchant by a customer's bank ascribes a higher-level trust to the e-merchant for the customer than checking for existence of the e-merchant in a CRL or financial CRL.
  • the e-merchant must activate a request for the appropriate customer's bank to sign the e-merchant's public key with the bank's private key. Issuing of such confirmed reputability can be done automatically by the customer's bank after it has used appropriate checking of the e-merchant.
  • the e-merchant can activate the request for signing either periodically, for example daily at the beginning of each day, e.g. for a number of banks frequently used by customers for use in the second aspect of the invention, or during the e-commerce process, e.g. for banks that are seldomly or infrequently used, for use in both aspects of the invention.
  • Yet another aspect of the invention provides a method of managing e- commerce transactions by an e-merchant in which a customer has a smart device associated with a bank, including, in a suitable order the steps of. a) in response to a customer order, confirming the reputability of the e- merchant to the customer by generating a digital voucher; b) causing the customer's smart device to verify the validity of the digital voucher and, if valid, to debit the cost of the purchases from the customer's e-purse; c) causing the customer's smart device to generate and send an authorisation for payment message to the e-merchant from the customer; d) requesting payment by the customer's bank to the e-merchant in response to the received authorisation for payment; and e) causing payment of the authorised amount to the e-merchant by the customer's bank.
  • the digital voucher may be generated by the steps of:
  • the digital voucher preferably comprises the public key of the e-merchant digitally signed by the customer's bank.
  • Figure 1 shows schematically a method for conducting e-commerce, with active participation of a customer's bank during a transaction according to the invention
  • Figure 2 shows schematically a system for confirming reputability of an e- merchant in the method of Figure 3;
  • Figure 3 shows schematically a method for conducting e-commerce, without active participation of a customer's bank during a transaction of the invention.
  • Figure 1 illustrates a method of the invention including participation of the customer's bank in a transaction, wherein there is a customer 10 having a smart device 10.1 containing an e-purse 10.2, an e-merchant 12, a bank 14 used by the customer, and the Internet 16.
  • the customer, e-merchant and bank are in communication with one another via the Internet.
  • the method is initiated when the customer using his Internet browser visits an e-merchant's web site, the browser downloading and displaying one or more HTML web pages which contain or are downloaded with applets.
  • the appropriate applet causes this selection to be sent as a message 18 to the e-merchant's site.
  • the message 18 may be sent either immediately with each selection or as a list of purchases in a "shopping basket".
  • the e-merchant receives the message 18 or collection of messages 18, compiles a list of intended purchases and sends a message 20 to the customer.
  • Message 20 comprises the list of purchases made by the customer and the e-merchant's public key.
  • An applet sent with the message 20 causes the customer's browser to check with his bank 14 via sent and received messages 22 whether the e-merchant is reputable. This is done automatically by suitable applets, which amongst other things sends the e-merchant's public key to the bank.
  • the bank checks whether the e-merchant's public key appears on any Certificate Revocation List (CRL) or on any list of permitted e-merchants. If in order the bank signs the e-merchant's public key with its private key and sends the bank issued "digital voucher" to the customer, confirming the e-merchant is reputable in its view.
  • CTL Certificate Revocation List
  • the customer's bank sends the customer the public key of the other bank if it trusts that other bank.
  • the bank validates the existing digital voucher by sending the customer the other bank's public key.
  • an applet causes the e-purse application 10.2 in the smart device 10.1 to verify the e- merchant's public key and then, if in order, to deduct the value or amount of the shopping list from the available e-money in the e-purse. This is indicated by an internal operation 24. Operation 24 is activated when and only when the e-merchant's applet contains smart card commands that are digitally signed by the e-merchant. The smart device automatically and using a suitable applet creates and sends an authorisation for payment message 26 to the e-merchant.
  • Message 26 comprises the customer's bank digital identification and the amount debited from the e-purse, the combination being encrypted using the public key of his bank; the name of the customer's bank in a plain text and, if appropriate, physical delivery details (name, address etc.). The entire message 26 is encrypted using the public key of the e-merchant.
  • the e-merchant in an internal operation 28, decrypts message 26 to obtain the confirmed shopping list and the customer's delivery details, if available; the customer's bank digital identification and customer's digital identification cannot be decrypted by the e-merchant, as they are encrypted with the bank's public key.
  • the e-merchant sends a message 30 to the bank, the message comprising the customer's encrypted data portion.
  • the bank checks the customer's banking details and provides payment 32 to the e-merchant, upon receipt of which the e-merchant arranges delivery of the purchase/s to the customer.
  • this on-line payment method works with three parties, i.e. the customer, the e-merchant and the customer's bank.
  • the customer trusts the e-merchant, because his bank, whom he trusts, issues a digital voucher for the e-merchant.
  • the e-merchant cannot read any financial messages between the customer and his bank, because they are encrypted with the public key of the bank. If the e-merchant stores these details and a hacker obtains access to them, they are unreadable, except for the name of the customer's bank.
  • the bank does not have any e-commerce details, because these are encrypted with the e-merchant's public key and the e-merchant transmits data relating to the purchase value only to the customer's bank.
  • the first step in the process is the generation by the e-merchant of a message 34 requesting each bank to issue a digital voucher to the e-merchant, the digital voucher comprising the e- merchant's public key signed by the bank.
  • Message 34 causes an internal operation 36 in the banks computer to check the reputability of the e- merchant, such as comparing the e-merchant's pubic key against a CRL available to or maintained by the bank and determining a trust level for the e- merchant, such as the value of a transaction that would be authorised, or even vouched for, by the bank.
  • Various algorithms can be developed for checking e-merchant reputability.
  • the bank digitally signs the e-merchant's public key, i.e. adds a time-stamp and encrypts the e-merchant's public key and time stamp with the bank's private key and sends this with a message 38.
  • Arrow 40 indicates a set of possible automatic activities which the e-merchant site performs to have its public key counter-signed by a number of banks.
  • Figure 3 illustrates a method of the invention for conducting e-commerce over the Internet without active participation of the customer's bank during an e- commerce transaction between a customer 10 and an e-merchant 12, the customer having a smart device 10.1, such as a smart card, with an e-purse 10.2.
  • the method starts when the customer accesses the e-merchant's web site and selects one or more items to purchase via his web browser, which sends the selection together with an identification of the customer's bank via message 42 to the e-merchant.
  • the e-merchant's software processes the shopping list and sends a reply message 44 to the customer containing the shopping list, prices of the selected items and its digital voucher, i.e. public key signed by the customer's bank. If the e-merchant does not have its public key signed by the customer's bank, then it obtains a digital voucher from the appropriate bank as a back- end process.
  • an applet causes an internal operation 46 in the customer's smart device to check whether the e-merchant's public key is signed by the right customer bank; the reputability of the e-merchant is now confirmed to the customer's smart device.
  • a second internal operation 48 the e-purse deducts the value of the shopping list from the available e-money in the smart device and forms and sends an authorisation for payment message 50 comprising the customer's bank's digital identification and purchase amount, both encrypted using the public key of his bank, the name of the customer's bank in plain text and delivery details (name, address etc.) if needed, the entire message being encrypted using the public key of the e-merchant.
  • Operations 46 and 48 are activated when and only when the e-merchant's applet contains smart device commands that are digitally signed by the e-merchant.
  • the e-merchant decrypts the authorisation for payment message using its private key to obtain the delivery details and name of the customer's bank.
  • the transaction is completed by the e-merchant sending the customer's encrypted data to the customer's bank 52, which data is decrypted using the bank's private key and checked 36, and the bank providing payment to the e- merchant 54.
  • this on-line payment method works actively with the customer and the e-merchant and passively with the customer's bank.
  • the customer trusts the e-merchant, because his bank creates a better trusted model, called "e- merchant's confirmed reputability", which to some extent results from checking the existence of the e-merchant's public key in a CRL.
  • the e- merchant's reputability can be created in off-line mode with respect to the customer (for example at the beginning of the day), whereby the entire on-line payment method needs to embrace only two parties, i.e. the customer and the e-merchant.
  • the e-merchant cannot read any financial messages between the customer and his bank, because they are encrypted with the public key of the bank.
  • the privacy of the customer's banking and e-commerce details are preserved as described above.
  • the presented methods for payment contain all benefits of the SET protocol, while being robust and elegant in the sense of requiring minimal messages to be transmitted and minimal involvement of each bank as far as software, hardware and network bandwidth are concerned.
  • These methods provide the following benefits: No credit card or other financial information of the customer is sent through the Internet. Only the customer's bank's digital identification is sent on the Internet and then it is suitably encrypted, e.g. triple encrypted with three different algorithms and suitable keys, such as those disclosed in said SA patents. All of the customer's security algorithms are executed inside his smart device, not on his PC or by an applet. The e-merchant is not given and so cannot posses the customer's banking and financial details. All messages are digitally signed.
  • “smart device” means a device, such as a smart card, integrated circuit chip device, controllers in pervasive computing devices (see below) and the like that may exist or be developed, that includes a processor, a non- volatile memory (e.g. ROM, EEPROM, mini-disk), a volatile memory (RAM), and an operating system and that can store and process data sequentially or based on rules.
  • ROM read-only memory
  • RAM volatile memory
  • Such devices may be viewed as intelligent plastic debit/ credit cards capable of being used for more functions and on wider scale, although currently used to a limited extent for identification and storing information.
  • Such device may also be viewed as a micro-computer containing different programs with possible inter-operability between them.
  • a feature of such devices is that data stored securely in the device, e.g.
  • Activation means entry of a suitable identification, such as a PIN code, biometric data, etc.
  • “pervasive computing” means the use of mobile devices, such as cellphones, so called “palm computers”, etc., able to provide computing services anywhere and any time. Such devices are evolving rapidly, becoming more intelligent and embodying advanced smart devices and processors.
  • protocol means a digital language of data packets used by computers to communicate with one another over a network, such as a public network like the Internet, a local area network (LAN), a wide area network (WAN), a cell network, satellite linked network and the like.
  • security protocol means a protocol in which the data packets are encrypted using an algorithm. Various security protocols exist, these being generally classified according to the basic protocol.
  • private key means a unique set of digital characters, personal to each owner and usually assigned by a verification authority. A private key acts as a digital signature and may be used for decryption and signing.
  • public key means a unique set of digital characters associated with a private key and used to encrypt messages, the messages being decryptable using the corresponding private key only.
  • a public key may also be used to verify a digital signature.
  • digital certificate means a form of digital identification containing the holder's key (or set of bits) assigned by a trusted authority, such as Verisign, that uniquely identifies the certificate holder and by means of which the identity of the holder can be authenticated via the trusted authority.
  • signal means to encrypt a message with the private key of the sender to identify the sender. (See verify).
  • verify means to decrypt a signed message using the public key of the sender, either already held or obtained from a trusted authority, to confirm the identity of the sender and that the message originated from the sender.
  • Encrypt means to modify a message or each byte or data packet in a message using a key, the modified message being able to be decrypted using a suitable key.
  • Asymmetrical encryption uses a public key for encryption and the corresponding private key for decryption.
  • Symmetrical encryption uses a secret key for encryption and decryption.
  • e-money or means the electronic equivalent of physical money, the e- money being guaranteed by a financial institution that, ultimately, delivers the physical money equivalent to a designated payee.
  • e-merchant is a business offering goods and/or services for sale or hire on an Internet web site in return for payment by e-money.
  • e-commerce means the Internet activity of an e-merchant selling or hiring goods and/or services to customers in exchange for e-money.
  • e-purse is an application in a secure data store, such as a smart device, that holds e-money or personal details or access thereto.
  • application is a program, usually small, compact and often signed, comprising operators that is sent from one computing device (host) to another (client) and that runs on or in an application running on the client. The operator may display a message, perform software steps and/or return a result to the sender.
  • the host is a web server application and the client is a web browser, the applet running automatically within web browser.
  • Internet applets are usually sent when the user of the browser accesses a web site which sends a web page to the client, the web page containing instructions and data in a suitable form, such as in hypertext markup language (HTML), for activating the applet.
  • HTML hypertext markup language

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un matériel et un procédé de gestion de transactions commerciales électroniques mis en oeuvre par un commerçant en ligne, un client possédant un dispositif intelligent associé à une banque. Ce procédé comprend les étapes se déroulant dans l'ordre suivant: (a) en réponse à une commande de client, confirme au client l'accréditation du commerçant en ligne par génération d'une pièce justificative numérique, (b) entraîne la vérification de la validité de cette pièce justificative numérique par le dispositif intelligent du client et, si celle-ci est valable, débite le coût de l'achat du porte-monnaie électronique de ce client, (c) entraîne la génération et l'envoi par le dispositif intelligent du client d'une autorisation de message de paiement au commerçant en ligne émanant de ce client, (d) demande le paiement au commerçant en ligne par la banque du client en réponse à l'autorisation de paiement reçue et, (e) entraîne le paiement du montant autorisé au commerçant en ligne par la banque du client.
PCT/ZA2002/000180 2001-11-30 2002-11-18 Systemes de paiement pour commerce electronique WO2003046697A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002365598A AU2002365598A1 (en) 2001-11-30 2002-11-18 E-commerce payment systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200109880 2001-11-30
ZA01/9880 2001-11-30

Publications (2)

Publication Number Publication Date
WO2003046697A2 true WO2003046697A2 (fr) 2003-06-05
WO2003046697A3 WO2003046697A3 (fr) 2006-06-22

Family

ID=25589389

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2002/000180 WO2003046697A2 (fr) 2001-11-30 2002-11-18 Systemes de paiement pour commerce electronique

Country Status (3)

Country Link
AU (1) AU2002365598A1 (fr)
WO (1) WO2003046697A2 (fr)
ZA (1) ZA200209009B (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7895080B2 (en) 2002-11-19 2011-02-22 Omnicom Holdings Inc. Apparatus and method for facilitating the selection of products by buyers and the purchase of the selected products from a supplier
WO2013006725A2 (fr) * 2011-07-05 2013-01-10 Visa International Service Association Appareils, procédés et systèmes de plate-forme de paiement pour porte-monnaie électronique
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997049054A2 (fr) * 1996-06-17 1997-12-24 Verifone, Inc. Systeme, procede et article de fabrication pour declencher la distribution d'un logiciel a partir d'un point de creation d'un certificat a l'aide d'un systeme extensible et flexible
WO1998014921A1 (fr) * 1996-10-04 1998-04-09 Certco, Llc Paiement et transactions dans un systeme de commerce electronique
US6076078A (en) * 1996-02-14 2000-06-13 Carnegie Mellon University Anonymous certified delivery
EP1017030A2 (fr) * 1998-12-29 2000-07-05 International Business Machines Corporation Protocol de paiement par crédit/débit pour quatre participants
US20010039535A1 (en) * 2000-02-09 2001-11-08 Tsiounis Yiannis S. Methods and systems for making secure electronic payments

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6076078A (en) * 1996-02-14 2000-06-13 Carnegie Mellon University Anonymous certified delivery
WO1997049054A2 (fr) * 1996-06-17 1997-12-24 Verifone, Inc. Systeme, procede et article de fabrication pour declencher la distribution d'un logiciel a partir d'un point de creation d'un certificat a l'aide d'un systeme extensible et flexible
WO1998014921A1 (fr) * 1996-10-04 1998-04-09 Certco, Llc Paiement et transactions dans un systeme de commerce electronique
EP1017030A2 (fr) * 1998-12-29 2000-07-05 International Business Machines Corporation Protocol de paiement par crédit/débit pour quatre participants
US20010039535A1 (en) * 2000-02-09 2001-11-08 Tsiounis Yiannis S. Methods and systems for making secure electronic payments

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7895080B2 (en) 2002-11-19 2011-02-22 Omnicom Holdings Inc. Apparatus and method for facilitating the selection of products by buyers and the purchase of the selected products from a supplier
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US11023886B2 (en) 2011-02-22 2021-06-01 Visa International Service Association Universal electronic payment apparatuses, methods and systems
WO2013006725A2 (fr) * 2011-07-05 2013-01-10 Visa International Service Association Appareils, procédés et systèmes de plate-forme de paiement pour porte-monnaie électronique
WO2013006725A3 (fr) * 2011-07-05 2013-04-11 Visa International Service Association Appareils, procédés et systèmes de plate-forme de paiement pour porte-monnaie électronique
US11900359B2 (en) 2011-07-05 2024-02-13 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US11010753B2 (en) 2011-07-05 2021-05-18 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10419529B2 (en) 2011-07-05 2019-09-17 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11397931B2 (en) 2011-08-18 2022-07-26 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10354240B2 (en) 2011-08-18 2019-07-16 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11803825B2 (en) 2011-08-18 2023-10-31 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11010756B2 (en) 2011-08-18 2021-05-18 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US11763294B2 (en) 2011-08-18 2023-09-19 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US11354723B2 (en) 2011-09-23 2022-06-07 Visa International Service Association Smart shopping cart with E-wallet store injection search
US10430381B2 (en) 2012-02-02 2019-10-01 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems
US11074218B2 (en) 2012-02-02 2021-07-27 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US11036681B2 (en) 2012-02-02 2021-06-15 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia analytical model sharing database platform apparatuses, methods and systems
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10983960B2 (en) 2012-02-02 2021-04-20 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems

Also Published As

Publication number Publication date
AU2002365598A1 (en) 2003-06-10
AU2002365598A8 (en) 2003-06-10
ZA200209009B (en) 2003-06-10
WO2003046697A3 (fr) 2006-06-22

Similar Documents

Publication Publication Date Title
JP6426537B2 (ja) 電子決済システム、および電子決済管理装置
JP5638046B2 (ja) コンピュータ・ネットワーク上において行われる購買を許可する方法およびシステム
US9038886B2 (en) Verification of portable consumer devices
US8744938B1 (en) Secure single-use transaction numbers
CN108476227A (zh) 用于设备推送供应的系统和方法
US20030154376A1 (en) Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using
US20070170247A1 (en) Payment card authentication system and method
US20020032649A1 (en) High-security E-currency IDs for E-commerce transactions
JP2004527861A (ja) 安全な現金を使用しない支払取引を行うための方法および現金を使用しない支払システム
KR100715359B1 (ko) 모바일 결제 인증 시스템 및 방법
US7107242B1 (en) Electronic transaction security method
KR980004159A (ko) 무선통신 단말기를 이용한 무선망 전자거래 시스템
CN104732379A (zh) 安全支付系统
EP0848343A2 (fr) Système d'achats
WO2003046697A2 (fr) Systemes de paiement pour commerce electronique
WO2007001239A1 (fr) Actualisation d'un dispositif de paiement mobile
KR100598573B1 (ko) 스마트카드를 이용한 일회용 카드정보 생성 및 인증방법그리고 이를 위한 시스템
JP5160003B2 (ja) 決済管理装置,プログラム,記憶媒体,管理方法,クライアント装置,処理方法,およびデータ記憶装置
WO2001011515A2 (fr) Procede et systeme permettant de faire des paiements electroniques anonymes sur le web
CN107636664B (zh) 用于向移动设备供应访问数据的方法、设备和装置
WO2002091144A1 (fr) Procede de transactions securisees au moyen de deux reseaux public
KR100766680B1 (ko) 은행의 계좌이체 기능을 이용한 지불시스템 및 그의 온라인 전자상거래 지불서비스 방법
US20020035694A1 (en) Method and apparatus for anonymous remote transactions
KR20020021413A (ko) 케이블 텔레비전 시스템 및 결합된 엔터테인먼트 단말을매개로 전자 상거래 및 쇼핑을 제공하기 위한 방법 및시스템
WO2002001517A1 (fr) Procede pour effectuer des transactions commerciales electroniques

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP