WO2010012094A1 - System and method for providing a secure network on another secure network - Google Patents
- Publication number: WO2010012094A1 (PCT/CA2009/001070)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- operator
- acquirer
- network
- terminals
- central server
Classifications
- H04L63/0281—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; Proxies
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q30/06—Buying, selling or leasing transactions
- G07F19/208—Automatic teller machines [ATMs]; Use of an ATM as a switch or hub
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- the present invention provides a system and method for providing a closed or secure network on another closed or secure network. More specifically, the present invention provides a system and method for enabling an operator of a closed or secure network to operate over a terminal network without compromising the closed nature of either network.
- EFT devices at the point of sale, referred to as any of EFT-POS devices, PIN Pads, chip and PIN card readers, signature terminals, payment devices, or authorization terminals (collectively referred to herein as "terminals"), are widely deployed to end user locations with merchants and retail outlets. These terminals at the point of sale enable customers to transact with merchants using a secure payment means, such as a credit card or bank debit card.
- Typical terminals include various card readers for example magnetic stripe readers, smart card readers and/or contactless device interface readers, for example RFID readers.
- Some terminals have in-built printers. Some terminals interface and have connectivity with the point of sale electronic cash registers.
- the terminals have user interfaces which include various screens, touch-screens, keypads and/or stylus pens for touch screen signature capture.
- the terminals are tamper proof and support several security services and are typically capable of authenticating a secure personal identification number using cryptographic techniques including an encrypted keypad and encrypted messaging.
- the terminals typically support peripherals and related messaging with controllers, electronic cash registers, bar code readers, optical mark sense readers and printers.
- the terminals are primarily used for initiating electronic funds transfer.
- the REPS execute point of sale payments that are completed spontaneously at a location other than the acquirer.
- the REPS is comprised of: credit card systems, Electronic Funds Transfer (EFT) systems primarily deployed for debit card processing, and cash acceptance and bill payments systems.
- Major payment functions include: authorization and customer credit and debit card transactions, capture of sales draft information over a secured network.
- terminals and REPS provide a far reaching established network, however the network is operated by an acquirer, which could for example be a bank or other financial institution. Therefore, the acquirer has control and access to all devices and data communicated over its network.
- Lotteries have a pressing need to increase the quantity of points of sales and expand into new sales channels to follow consumer spending locations and demographic segments.
- A primary driver of lottery sales is the density and consumer convenience of the lottery sales terminal. Expanding access points is limited by the cost of the dedicated full service terminals, which require high minimum weekly retailer sales, and/or by the availability of the full service terminals.
- lottery operators are constrained in their ability to leverage existing networks owned by others, as there is a high sensitivity of data communicated during lottery transactions, coupled with the reluctance of the REPS to permit access by others which may compromise REPS security.
- US patent publication 20030228910 discloses a lottery management system.
- a means is provided for connecting a third party device with a lottery network.
- this invention merely connects a foreign device to a lottery network through a connectivity network.
- the third party device and its connectivity network may be either open for installing applications/connectivity or under the control of the lottery operator or its player-customer. It does not overcome the limitation that the data is available to the foreign network operator or attackers.
- What is required is a system and method for enabling one or more operators to leverage one or more networks of terminals operated by one or more acquirers without compromising the performance or security of the closed nature of either network.
- Multiple operators need to communicate with multiple acquirers. Sometimes an operator may legally only communicate to a subset of the acquirer's terminals.
- the present invention provides a system for linking at least one acquirer network operating a closed network to at least one operator, the acquirer network including one or more terminals and optionally an acquirer server, the system characterized by a central server linked to the acquirer network and to the operator, the central server configurable to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more communication links between the operator and the one or more terminals, wherein the central server acts as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network.
- the present invention also provides a computer-network-implementable method for linking at least one acquirer network operating a closed network to at least one operator, the acquirer network including one or more terminals and optionally an acquirer server, the method characterized by: (a) linking a central server to the acquirer network and to the operator; and (b) configuring, or facilitating the configuring, by one or more computer processors, the central server to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more communication links between the operator and the one or more terminals, so as to enable the central server to act as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network.
- FIG. 1 illustrates an example system in accordance with the present invention.
- FIG. 2 illustrates the central server linked to a plurality of client/server architectures providing a plurality of sub-networks within the linked network.
- FIG. 3 illustrates a plurality of business use cases for one implementation of the invention wherein the operator is a lottery commission.
- FIG. 4 further illustrates particular business use cases for one implementation of the invention wherein the operator is a lottery commission.
- FIG. 5 illustrates the context of four subsystems of the invention wherein it is implemented as a lottery sales system.
- FIG. 6 illustrates an example of a print-out of a lottery entry ticket of the terminal resulting from an example usage of the lottery application.
- the present invention enables a closed network (as defined below) to operate on the network infrastructure of another closed network. More specifically, the present invention enables an operator (e.g. a lottery corporation - see below) to exchange communications with one or more network devices (e.g. terminals as described below) associated with an acquirer's network (e.g. a financial institution's electronic payment network) despite the closed aspect of the acquirer network, for example because of security requirements associated with the acquirer network.
- the present invention enables the linking of the operator network and the acquirer network for communication between them, and specifically between acquirer's network devices and one or more servers associated with the operator, without compromising the closed nature, security and performance of either network.
- a range of security services provided in accordance with the present invention enable device authentication, data origination authentication, and entity authentication, thereby maintaining data privacy and integrity as particularized below.
- The acquirer generally requires device and data origination authentication, while the operator requires entity authentication (e.g. of a user of an acquirer terminal), which provides non-repudiation for transactions with the operator, and involving one or more of the acquirer's terminals by operation of the linking of the acquirer network and operator network (or network components of such networks), as described herein.
- said linking of the operator network and acquirer network is achieved by the central server described below, which acts as a trusted intermediary to enable the communications referred to above between the operator and one or more terminals, across the acquirer network.
- the system of the present invention comprises: (a) an acquirer network 4; (b) an operator network 24; (c) a central server 5 operated by a trusted third party; and (d) a plurality of terminals 1.
- Security services 7 may be provided by the central server 5 or by a security server linked to the central server 5.
- the acquirer network 4 and operator network 24 may be closed networks and need not share any data between themselves.
- “Closed” network in this disclosure means that third parties may not access, load applications or communicate with the network's devices except with the network owner's participation, approvals and/or certifications.
- an “acquirer” means a network owner or administrator, for example a bank or other financial institution, that provides merchants with transaction processing means including terminals. It is contemplated that an acquirer may subcontract certain aspects of its role as acquirer to one or more processors.
- the acquirer network 4 is operated by an acquirer;
- the operator network 24 is operated by an operator; and
- the central server 5 is operated by a trusted third party.
- any other operation model could be provided for these components.
- the central server 5 provides a mechanism for linking the operator network 24 with the acquirer network 4, enabling the two closed networks to be linked such that the operator network 24 and related operations are extended to the acquirer network 4, or part thereof permitted by the acquirer and the operator.
- the linked or combined network, provided in accordance with the invention, and providing the access thereto to the operator as described herein may be referred to as a "linked network" in this disclosure, part of which is actually the acquirer network 4, but in relation to which the present invention enables the operator or its designates to "piggyback".
- the operator network 24 communications by operation of the present invention, can ride over the acquirer network 4, or selected portions thereof.
- This linking of the closed networks is enabled while maintaining acquirer's security services including data origination authentication, and maintaining the operator's security services including the ability to authenticate terminals for the purposes of merchant transactions based on its own authentication procedures.
- the present invention enables the operator to apply its security services and its user authentication procedures, including on the acquirer network 4, as further particularized below.
- merchants may also operate their own networks of terminals, for the purposes for example of cost reduction (transactional costs) and to facilitate functionality that terminals provided by the financial institution may not permit, in which case for the purposes of the invention the merchant networks are part of the acquirer network with respect to enabling communications with the operator.
- the merchant's network may also be a closed network in which case the acquirer network comprises both the financial institution's closed network and the merchant's closed network.
- the merchant networks, including the terminals may have their own authentication requirements.
- the security services described below may include enabling the merchant's authentication requirements to be addressed for enabling communications between the merchant terminals and the operator via the merchant network and the financial institution's network.
- the central server 5 is operated by a trusted third party to facilitate security and privacy services so that acquirers and operators cannot access other parties' data.
- the operator does not have access to modify the central server 5, although there may be a mechanism for enabling the operator to provide business data updates and other content to the central server 5.
- the central server 5 enables certain security services 7 in relation to the communications being routed through the central server 5.
- the operator network 24 may be linked to the acquirer network 4 by the central server 5 and could be further linked by the acquirer server 3 or another device, for example a switch 25, approved by the acquirer for routing, and may bypass the acquirer server 3 for certain transaction messages. For example, if the operator has provided its applications with signed code for use on the acquirer network 4, the acquirer may not require that the operator network 24 be linked to the acquirer network 4 by the acquirer server 3.
- a plurality of terminals 1 are deployed to one or more retailers or other end user locations 2.
- the terminals 1 define nodes on both closed networks and are typically deployed by the acquirer.
- the central server 5 controls access to the operator network 24 by the terminals 1.
- The central server 5 can be configured to enable the operator to access all or a subset of the terminals 1, enabling the operator to select which terminals 1 it wishes to provide connectivity.
- a terminal application 17 is delivered to the terminals 1, for example by operation of a network management system operated by or for the acquirer, which is operable to deliver application code to the terminals 1.
- any application code must be accepted by the acquirer prior to distribution to the terminals 1, which acceptance may include a certification process with application code signing in order to enable loading and installing the terminal application 17, and interoperation of the terminals 1 with the acquirer network 4, using the terminal application 17 and data origination authentication provided by the acquirer network 4.
- the terminal application 17 provides user authentication whereby a user of the terminal 1 enables the operator to operate its network on the acquirer network 4. In other words, the terminal application 17 enables the terminal 1 to be used on the operator network 24 by authenticating the user of the terminal 1 by way of services of the central server 5.
- the terminal applications 17 configure the terminals 1 to provide the communication methods of the present invention.
- the terminal application 17 leverages the resources of the terminal 1 on which it resides and communicates with the acquirer network 4 and the central server 5.
- the terminal applications 17 also receive from the central server 5 business documents 10, transaction sets 11, dynamic data 12, updates 13 to programming, and additional programming code to enable the communications described for the operator network 24 over the acquirer network 4.
- The acquirer servers 3 do not perform any of the operator's business processes.
- Each terminal application 17 comprises: (a) a messaging utility 18 for enabling the exchange of communications with the central server 5; (b) security layers 19 with optionally a data origination authentication utility and device authentication for authenticating the terminal to the acquirer server 3, particularly in a client/server implementation of the terminals where the terminal 1 is the client to the acquirer server 3; (c) a controller/handling and processing layer 20 for processing the transactions whether based on instructions that are part of the terminal application 17, or instructions provided dynamically by the acquirer server 3; (d) a user authentication layer 21 directed to the operator, and operable to authenticate an authorized user of the terminal 1 to the operator server 6, whether directly or indirectly by operation of the central server 5 as an authentication intermediary; and (e) a presentation layer 23 and user interface linked to the handling/processing layer for interacting with the user interfaces including keypad, displays, touch screens and printing etc.
- The terminal application 17 may supplement the existing or proprietary application provided on the terminal 1 by the terminal manufacturer or the acquirer, in which case it could be executed alongside or over top of the existing or proprietary application, or be executed by the existing or proprietary application.
- the terminal application 17 can replace the existing or proprietary application, by including in terminal application 17 the functionality of the proprietary application.
- the terminal application 17 may include additional functionality or features. For example it may be desirable to include in the terminals 1 used in connection with the present invention (whether by operation of the terminals or the terminal application) functionality that prevents unauthorized third parties from accessing the terminals 1 or the terminal application 17 for the purpose of "listening" by using a known security technique for this purpose and thereby capturing transaction data processed by operation of the terminals.
- the central server 5 manages and provides a number of services including security 7 and procurement services 6 and the communications between the terminals 1 and the operator server 6. The functions of the central server 5 are further described below.
- the central server 5 is linked to a plurality of such client/server architectures providing a plurality of sub-networks within the linked network, as best illustrated in
- Each client/server architecture includes a plurality of terminals 1, usually associated with a single acquirer, and at least one acquirer server 3 to facilitate operation of the operator network using the acquirer network 4.
- the terminals 1 are linked to the acquirer server 3 for the purpose of managing communications associated with the operator server 6, but via the acquirer network 4, with the central server 5 acting as the trusted intermediary between the acquirer network 4, or network portion that is part of the linked network, and from an operator's perspective, the operator's closed network.
- Security services 7, for the benefit of the operator, are provided by the central server 5 or a central security server linked to the central server 5, or made part of the central server 5 by including security functions therein.
- Another operator security server may be associated with the operator server 6.
- Security services for the operator described herein could alternatively be provided by an operator security server, with the central server acting as an intermediary, or may be distributed between the central server's central security server and the operator security server. Details regarding the security services are provided below.
- the central server 5 is linked to one or more databases 9.
- the databases 9 include at least one catalogue associated with each operator.
- the catalogue is best understood as a compilation of computer files associated with specific offerings of a particular operator.
- The catalogues 9 include a list of such specific offerings, captured as "business documents" 10.
- the business documents 10 are generated, for example by operation of the central server 5, based on the operator's specific business data provided, embodying data and processes associated with a specific offering and any related transactions.
- the operator's business data may include dynamic data, application code, configuration data and other objects required to process transactions by the operator, associated with the communications directed over the linked network. An example of business data and generation of business documents 10 is provided below.
- the business documents 10 may include the parameters for the communications between the terminals 1 and the operator network 24 over the acquirer network 4 that is associated with a particular operator, for example content, processing or security aspects for enabling the operation of the operator network 24.
- the particular authentication parameters for accessing the operator network 24 and communicating messages on the operator network 24 are established by the operator.
- the acquirer provides device and data origination authentication while the operator provides entity (or user) authentication.
- These authentication measures provide data privacy and integrity.
- the business documents 10 form the basis for developing transaction sets 11 for the terminal application 17, or particular iterations or configurations thereof for particular sub-networks associated with specific operators, as described above.
- the business documents 10 may be used to assist in the development of terminal applications 17 acceptable to particular acquirers, thus for example reducing the cost of achieving code acceptance of the terminal application 17, which is often a prerequisite for distribution of the terminal application 17 to terminals 1 controlled by a particular acquirer.
- the business documents 10 may be embodied in transaction sets 11 implemented to the terminals 1 by inclusion in terminal application 17 iterations or configurations distributed by or for the associated acquirer.
- the transaction sets 11 in effect, by this process, embody the business data, thereby enabling the terminal to be integrated with the terminal-to-operator transaction process. Again, this aids in implementation of the invention to particular operator requirements, and particular operator network 24 and acquirer network 4 conditions.
- the terminal application 17 is operable to create a message whose content is permitted by the acquirer network 17, but in effect determined by operator as enabling a specific operator offering or related transaction.
- the actual content of the message conforms to requirements of the operator in accordance with its business data. These requirements are provided by the operator as business data, which include business rules relating to functions the operator wants to provide using the operator network 24.
- the resulting message is communicated to the central server 5 and, if it conforms with the catalogue, may be further routed to the operator server 6 or, if it does not conform with the catalogue, may be rejected.
- the message is received for processing by the operator server 6 but may first be routed to the security services 7 for authentication, and then opened (after application of security services 7), and acted on by the operator server 6.
- the operator server 6 acts on the contents of the message in accordance with its business data and may send a message back to the terminal following the same steps in reverse order.
- the present invention therefore, enables the operator network 24 to operate on the acquirer network 4 while ensuring the confidentiality and integrity of data between a point of sale user and the operator.
- the present invention also provides end to end authentication from the user of the terminal 1 (e.g. personnel of merchant where a terminal authorized for transactions with the operator is located) to the operator server. End to intermediate authentication is possible as well, specifically to the central server 5.
- the acquirer network 4 is comprised of one or more terminals 1 deployed to end user locations, for example retailers, and may include a financial server for processing financial transactions. Many solutions are known for configuring the acquirer network 4.
- An acquirer is responsible for capturing and routing transactions via the processing network switches to the appropriate service entity in accordance with its financial network implementation. Data transmitted over the acquirer network 4 should not be accessible by the operator.
- terminal 1 and acquirer server 3 levels (herein referred to as "client/server").
- The specifications from one terminal 1 to another can vary greatly, for example with respect to connected and supported peripherals 22, sizes of key pads and screens, screen resolution, screen size, touch screen capability, security/authentication capabilities, etc.
- Each merchant associated with a terminal may also have its own requirements, for example how terminals 1 link to cash registers, whether the terminal 1 is integrated to the cash register or not, peripherals the merchant requires, for example outboard printers, whether a merchant logo appears on a print out generated by the terminal, prompts applicable to a merchant's transactions, controls at merchant level, for example which personnel are authorized for particular types of transactions.
- the terminal application 17 includes programming that enables interoperation with the various hardware, middleware, and software enabling terminal functions; the terminal application 17 embodies the business data via the business documents 10; and the terminal application 17 also embodies specific requirements of the acquirer including for example for data authentication (including possibly authentication of the terminal although this is typically addressed by components already provided on the terminal and with which the terminal application interoperates).
- The central server 5 provides a mechanism for linking the operator network 24 and the acquirer network 4, enabling the two closed networks to be linked as described above.
- the central server 5 is linked to a server application 8, which manages communications between the terminals 1 and the central server 5.
- the central server 5 performs security services and business transactions associated with the operator.
- the operator provides specific business data and the terminal and acquirer network support specific networking communications and application transaction sets 11.
- The business data is applicable to the operator network 24 and not to the acquirer network 4, whether the terminals 1 or the acquirer servers 3. And yet there is a need for transaction sets, implemented at the client/server layers, that conform to the business data. Business data can change over time, as explained more fully below. With this variation, there is a need for an efficient approach to building and maintaining the client/server code, and processing code signing by the acquirer.
- the central server 5 pulls the business data, for example from the operator server 6, or the business data is pushed to the central server 5.
- the central server 5 interprets the business data and transaction sets 11 by the following transformations, which could be provided by a translation engine or data mirroring technique.
- the central server 5 may provide a first business services interface to the operator network 24, having operator business processes, and a second business service interface to the acquirer network 4 which has acquirer business processes, to provide the transformation and transportation of business documents 10 and related business data.
- the central server 5 supports transaction sets 11 between a terminal 1 and the operator server 24 by enabling the transformation and transport of the transaction sets 11 and business data between the operator network 24 and acquirer network 4 and terminals 1.
- the transaction sets 11 are a business process with business data.
- the central server first transforms business data to map to traditional printed business documents in the form of business documents 10.
- the business data includes information regarding the business processes and transactions provided by the operator and more particularly informs the central server of the operator's possible transactions.
- the business data may include lottery host games and draw types, draw matrices, validity times, valid prices, etc. and the resulting business documents may include catalogue, order response, order change, order cancellation, dispatch ticket, receipt advice.
- the business data may be analyzed by the central server to generate a set of business documents that provide information about the transactions.
- the central server 5 next transforms these business documents 10 to map to specific terminal secure procurement transaction sets 11 and processes.
- transaction sets 11 include: requesting-activity partner/role (for example a user of a terminal), requesting-activity business document (for example an order) with business data, responding-activity partner/role (for example an operator), and responding-activity document (for example an order response) with business data.
- the operators may have legacy business data, which may not be recognizable to the acquirer network 4 or supported by the terminals 1.
- the central server 5 supports the transaction sets 11 by ensuring the business documents 10 and business data are transformed and transported appropriately to each of the requesting and responding parties via their respective business service interfaces.
- the central server 5 can use a baseline standard set of business documents 10 and has means for transforming an operator's business data appropriately to and from business documents 10.
- the central server can transform the business documents 10 to be appropriate for a specific acquirer network's transport protocol, format and terminal applications.
- the security services 7 linked to the central server 5 may also provide additional security for interfacing to operators and acquirers.
- the functionality of the central server 5, including the business documents 10, and the design of the terminal application (or its iterations) as described above provides a platform to which developers may build terminal application iterations or configurations that either can be updated readily to address operator driven changes to business data (for example by operation of an update utility 14) or to enable efficient deployment of the multiple terminal application instances based on the merchant/merchant location/acquirer/operator variations that can occur, as further illustrated in examples below.
- This can be enabled by providing operators with the tools for providing up to date business data and by providing tools to developers to make it easier to roll the system out.
- FIG. 3 illustrates a plurality of business use cases for one implementation of the invention wherein the operator is a lottery commission.
- FIG. 4 further illustrates particular business use cases.
- a plurality of business use cases may be developed based on a developer mapping a transaction flow to a plurality of steps.
- the present invention provides a system for enabling the mapping to carry out the cases based on developer notes.
- the first step is to enable on the central server 5 links to the operator server 6. These links are created for the purpose of obtaining current business data. Push and pull architectures may be used, and preferably both are possible because of variation at the operator system level as well.
- Business documents 10 may then be created by the central server 5. The business documents 10 may be used to build iterations or configurations of the terminal application and/or server application; as a result the terminal application and/or server application are operable to process a series of transaction sets 11 at the terminal, the transaction sets 11 consistent with the business data.
- the application code for the terminal application 17 and server application 8 may then be signed by the acquirer, enabling security for data authentication (including the ability to activate a digital signature, enter a pin and other security aspects effectively used by the operator, even though the data is invisible to the acquirer).
- the code may then be distributed by or for the acquirer to the terminals 1 that the operator has signed up for.
- the operator then may generate credentials for authentication of users of the terminals 1 permitted by the merchants and/or operator.
- the central server 5 receives from the operator server 6 a set of business data and is operable to create and edit business documents 10 to facilitate the following set-up steps for the central server 5 to execute at run time.
- the central server 5 creates, reads or updates the operator specific business data and transforms it into business documents 10.
- the central server also provides transaction sets 11 for the acquirer network 4. These transaction sets 11 will be transferred from the central server 5 over the specific acquirer network 4 to the terminals 1.
- the business documents 10 and transaction sets 11 provide quality assurance and template checklists for the different sets of operator specific business data within the central server 5.
- Business documents 10 examples include orders and order responses.
- business services particular to each acquirer including user credentials are provided from the terminal to the central server over the acquirer network. These business services enable the transformation of the business documents 10 to transaction sets 11 using the acquirer's specific protocol and formats. The business services to enable this transformation are formatted into a message which is supported for "transport" by the acquirer network 4 to enable the terminals 1 to initiate transformation of business documents 10 to the required transaction sets 11.
- the central server 5 has populated the business documents 10 and transforms these business documents 10 to transaction sets 11 enabling the operator network 24 to operate on the acquirer network 4.
- Each merchant's credentials are provided to only the associated merchant, usually by the operator providing the credentials directly using offline or online means, for example by an operator's sales agent delivering a smart card to the merchant, or delivering a smart card by mail or courier, or possibly indirectly by the operator of the central server 5, for example by download or request for activation of security cryptographic primitives.
- each transaction set may include a process whereby a request is made to the central server 5 (either directly or indirectly through the server) for the up to date business document(s) associated with the transaction set, which the central server 5 is operable to send to the terminal 1 (again directly or indirectly) thereby providing to the terminal on a real time or near real time basis the up to date business data originating from the operator and required in order to process the transaction between the user and the operator, with the terminal and operator providing the conduit.
- the central server 5 may be linked to the operator server 6, and one aspect is that it is linked to the operator server 6 to pull specific information and update the central server 5 to the extent that there are changes at the operator server 6 level that constitute updates to operator specific business data or transaction rules.
- the central server 5 may be self-updating in order to appropriately reflect regular changes at the operator level that need to be reflected in the way that transactions are processed. Push and pull architectures are possible, to conform with the specific requirements of each operator, and in one embodiment the central server 5 accommodates both architectures.
- Both the acquirer and the operator may desire full authentication.
- the acquirer may require device and data authentication while the operator requires entity authentication, for example authentication of a user accessing the system, to prevent theft for example.
- the acquirer may also require device authentication to ensure the integrity of its network.
- the acquirer may not be concerned with the identity or invoicing of users (merchants). Rather, theft and subsequent use of a terminal by an unknown entity is a much larger concern for operators. Therefore operators may desire to authenticate the user of the terminal 1 in the merchant store.
- Security services 7 enable an operator to leverage the acquirer network 4.
- the security services 7 provide authentication of users, entities or terminals to the operator network 24.
- the security services 7 also enable the acquirer to secure the acquirer network 4.
- the present invention provides both data origination authentication for the acquirer and user entity authentication for the operator.
- Both a customer anonymous mode and a customer registered account mode may be provided.
- At least three business processes may be provided for configuring the system of the invention prior to operation of a terminal in the operator network: (1) set-up/certify new operator; (2) set-up/certify new acquirer; (3) set-up/QA new merchant, which has entered into a contract with the operator, and has one or more stores and one or more terminals.
- the authentication includes both authentication of the terminal 1 and of the user at multiple levels.
- the terminal 1 may be associated with a merchant ID and store ID (particularly where the merchant has stores in various jurisdictions) and device ID, while the user is authenticated by a user ID.
- the security services may be configured to associate the user ID with a particular set or sets of merchant ID, store ID and device ID, preventing an unauthorized use of a terminal 1. Blocking of transactions, for example those not authorized geographically, could be controlled at a number of different levels. This may be performed at the central server or the operator level, to block a transaction if it is not coming from an authorized terminal, i.e. a terminal 1 in an authorized geographic location or from a merchant location that has been otherwise approved by the operator.
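The binding of a user ID to sets of merchant ID, store ID and device ID described above can be pictured with the following added example, which is not code from the patent. The class names, reason strings, jurisdiction codes and sample identifiers are all assumptions, and the identifiers are taken to have been authenticated already (device authentication for the acquirer, user authentication for the operator).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TerminalIdentity:
    """The three identifiers the description associates with a terminal."""
    merchant_id: str
    store_id: str
    device_id: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class BindingPolicy:
    """Hypothetical policy store held by the security services (assumed design)."""

    def __init__(self):
        self._bindings = {}            # user_id -> set of TerminalIdentity
        self._store_jurisdiction = {}  # (merchant_id, store_id) -> jurisdiction
        self._approved = set()         # jurisdictions approved by the operator

    def approve_jurisdiction(self, jurisdiction):
        self._approved.add(jurisdiction)

    def register_store(self, merchant_id, store_id, jurisdiction):
        self._store_jurisdiction[(merchant_id, store_id)] = jurisdiction

    def bind(self, user_id, terminal):
        self._bindings.setdefault(user_id, set()).add(terminal)

    def authorize(self, user_id, terminal):
        """Fail closed: every check must pass before a transaction is forwarded."""
        bound = self._bindings.get(user_id)
        if not bound:
            return Decision(False, "unknown-user")
        # A stolen or relocated terminal presents an identity the user is not bound to.
        if terminal not in bound:
            return Decision(False, "user-not-bound-to-terminal")
        jurisdiction = self._store_jurisdiction.get(
            (terminal.merchant_id, terminal.store_id))
        if jurisdiction is None:
            return Decision(False, "store-not-registered")
        # Geographic blocking: the store must sit in an operator-approved location.
        if jurisdiction not in self._approved:
            return Decision(False, "jurisdiction-not-approved")
        return Decision(True, "ok")


def build_sample_policy():
    """Constructed sample data; none of these identifiers come from the patent."""
    policy = BindingPolicy()
    policy.approve_jurisdiction("JUR-A")
    policy.register_store("M-001", "S-01", "JUR-A")
    policy.register_store("M-001", "S-02", "JUR-B")  # JUR-B is not approved
    policy.bind("clerk-7", TerminalIdentity("M-001", "S-01", "D-1001"))
    policy.bind("clerk-9", TerminalIdentity("M-001", "S-02", "D-2001"))
    policy.bind("clerk-3", TerminalIdentity("M-002", "S-01", "D-3001"))  # store never registered
    return policy


if __name__ == "__main__":
    policy = build_sample_policy()
    attempts = [
        ("clerk-7", TerminalIdentity("M-001", "S-01", "D-1001")),
        ("clerk-7", TerminalIdentity("M-001", "S-01", "D-9999")),
        ("clerk-9", TerminalIdentity("M-001", "S-02", "D-2001")),
    ]
    for user_id, terminal in attempts:
        print(user_id, terminal.device_id, policy.authorize(user_id, terminal))
```

Returning a distinct reason for each denial lets the central server or the operator log why a transaction was blocked without exposing that detail to the terminal.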
- the central server 5 provides for multiple security services 7 across the acquirer network 4 (or portion thereof associated with the operator) and the operator network 24 to support their respective industry security needs.
- Cryptographic security primitives may be combined to meet various security services functions and objectives. The methods of operation will exhibit different characteristics when the primitives are applied in a variety of ways and inputs.
- the security level at the central server 5 level is implemented to meet the current industry practices of the banking industry as it relates to the industry term called "the work factor to defeat the security objective". For this reason the invention may be implemented with unkeyed primitives, symmetric-key primitives and public/asymmetric-key primitives.
- An example of a combination of primitives to provide the "entity authentication" is the process whereby the acquirer terminal receives via download or download activation or physical delivery the USER public and private key pair, and the public key of the central server and the public key of the operator. These keys combined with the primitives and application techniques can provide the security services.
- An example of the security services is the securing of the transaction sets (enabled by the terminal application, and optionally the terminal application in cooperation with the acquirer server application) whereby the message data associated with the business documents (in effect reflecting the business data) is completed by the SSL/TLS protocol suite to provide encryption privacy, operator and central server authentication, message integrity, USER authentication and non-repudiation services.
- Security protocol examples which can provide authentication, integrity, and privacy are: (a) SHTTP; (b) S/MIME; (c) Internet SSL/TLS including mutual authentication; (d) digital signature/envelopes CMS PKCS #7, RFC 2315; (e) IPsec.
- merchants may also operate their own networks of terminals, whether to reduce costs and to facilitate functionality that is not provided by the financial institution, in which case for the purposes of the invention the merchant networks are part of the acquirer network with respect to enabling communications with the operator.
- the merchant network may include zones or corporate networks linked to the acquirer network at the direction of the merchant based on the merchant's own authentication requirements.
- the security services include enabling the merchant's authentication requirements to be addressed for enabling communications between the merchant terminals and the operator via the merchant network and the financial institution's network.
- a terminal application 17 is delivered to the terminals 1 for acceptance by the acquirer as described above.
- the terminal application 17 provides authentication whereby the operator is authorized to operate its network on the acquirer's network.
- the terminal application 17 enables the terminal 1 to be used on the operator network 24 by authenticating the terminal 1 by way of the central server and security services.
- the terminal applications 17 configure the terminals 1 to provide the communication methods of the present invention.
- the terminal application 17 leverages the resources of the terminal 1 on which it resides and communicates with the central server 5.
- the terminal applications 17 also receive from the central server 5 dynamic data 12, updates 13 to programming, and additional programming code to enable the communications described over the acquirer network 4.
- Each terminal application 17 comprises: (a) a messaging utility 18 for enabling the exchange of communications with the central server 5; (b) security layers 19 with optionally a data origination authentication utility and device authentication for authenticating the terminal to the acquirer server, particularly in a client/server implementation of the terminals 1 where the terminal 1 is the client to the acquirer server 3; (c) a controller/handling and processing layer 20 for processing the transactions whether based on instructions that are part of the terminal application 17, or instructions provided dynamically by the acquirer server 3; (d) a user authentication layer 21 directed to the operator, and operable to authenticate an authorized user of the terminal 1 to the operator server 6, whether directly or indirectly by operation of the central server 5 as an authentication intermediary; and (e) a presentation layer 23 and user interface linked to the handling/processing layer for interacting with the user interfaces keypad, displays, touch screens and printing etc.
- the messaging layer 18 may include means for communicating between the terminal 1 and the acquirer network 4 and central server 5. These communications may be based upon specific external interface specification of protocols, for example FTP, HTTP, HTTPS, ISO 8583, and message formats, for example proprietary bit maps as binary data, various encrypted formats, EDI X12, various HTML and various XML vocabularies, etc. This layer may also include security and authentication requirements specific to the terminal application 17 or related processes in relation to the acquirer server.
- the controller/handling and processing layer 20 may be operable to hold, manage and apply transaction sets 11.
- the transaction sets 11 embody the operator's processes in regards to the terminal 1 and a security handler includes the operator security and authentication means or could be a separate component.
- the presentation layer 23 may include a utility for managing what appears on the terminal display, keypad inputs, readers and printers, that is associated with and approved by the acquirer or the operator (and optionally the merchant where the operator has agreed for example to display or print the merchant's logo on the output of a transaction) as well as other screen displays, prompts and menu selections.
- the user interface may support the terminal's hardware drivers and reader services, and controllers for connectivity and security, which may require support for the specific protocol and message format used by the acquirer on its terminals. It may also include security/authentication processes as they relate specifically to loading, configuration and interoperation of the application and the terminal.
Payment
- the invention provides to the merchant the capability to use the merchant's terminals 1 to distribute information and products and complete the selling and payment transaction with the operator.
- the operator's product is a service to place funds into the customers own personal account with the operator.
- the customer or alternately the merchant may use the terminal 1 to review and choose products, make personal selections and then pay and optionally print an operator ticket in real time.
- the shared use of the terminal 1 enables both payment processing and sales of operator products.
- Each of these tasks is executed within their respective network.
- the invention provides the merchant with means at the terminal 1 to accept payment for multiple transactions between a customer and the operator. Multiple operator products may be offered and purchased. The customer may choose multiple products and pay the merchant on the terminal 1, optionally resulting in printing an operator ticket on the terminal 1 or a peripheral printer.
- the terminal 1 may be used to read a customer's identification document, for example a driver's license or other identification, and the operator may enroll the customer and collect customer purchase information. This may be particularly advantageous where the operator's product requires a minimum age or residency requirement to be confirmed using the terminal.
- a database 15 linked to the operator server 6 may also be maintained by the operator for associating enrolled customers with profile information 16, for example to predict purchasing by the customer. For example, information about the customer and their purchases may be transmitted and stored in the operator's database 15.
- the operator's database 15 may provide to the terminal 1 customer information for direct selections and may collect further information, augmenting that information already stored. After collecting the information the terminals 1 may transmit the information directly to the operator, or alternatively prepare and submit it indirectly via the third party terminal or device.
- the invention is a system to enable sales and distribution of lottery tickets, game tickets, and other entry tickets by utilizing the processing networks and devices of the financial services industry.
- the invention is based upon the novel approach whereby retail customers may select, purchase, pay and print these tickets, vouchers or coupons by sharing and utilizing the acquirer's electronic payments devices and infrastructure.
- a financial institution is the acquirer and a lottery commission is the operator.
- FIG. 3 illustrates the present invention for enabling a lottery retailer to sell lottery tickets using a terminal provided by an acquirer.
- a plurality of terminals are provided, which either connect directly or through a merchant terminal to the Internet.
- a central server is provided that enables access to the operator network by the terminals.
- FIG. 4 illustrates an example set of processes for enabling a merchant with a terminal to access an operator network.
- a trusted individual at the merchant is provided with an authentication.
- the trusted individual authenticates to the central server using the terminal.
- the central server responds by enabling the terminal to display options to the trusted individual, for example to manage merchant options on the terminal or to maintain the authentication of the terminal.
- Another individual at the merchant may actually be responsible for processing transactions. For example, a customer may wish to purchase a lottery ticket or attempt to have cancelled a lottery ticket. The individual may select a lottery ticket selling function or a lottery ticket cancellation function on the terminal. The function is transmitted through the central server to the operator's server, where it is processed.
- a number of payment transaction types may be performed by the user on the terminal in accordance with a typical implementation: (a) credit or debit card sale, enabling the credit cardholder to pay for goods or services; (b) refund for an earlier payment made by a cardholder; (c) transferring funds from a cardholder's account; (d) cash back, enabling a cardholder to withdraw funds from their own account at the same time as making a purchase; (e) enquiry, enabling a cardholder to view their balance; (f) an available funds enquiry, linked accounts enquiry or request for a statement of recent transactions on the account; (g) top-up, where a cardholder can use a terminal to add funds to a pre-paid account, for example a mobile phone; and (h) administrative, for any of a variety of non-financial transactions.
- the invention enables the terminal to provide additional functions within the operator network environment, including for example: (a) the customer chooses to perform a transaction with the operator, enabling the terminal to initiate an authentication process with security services and linking to the operator network to activate and run operator functions; (b) the user initiates the terminal's link to the operator network by an event which may be for example a keypad entry on the terminal or the terminal performing an access activation through different trigger events such as a magnetic card read, bar code read, RFID, or near field communication; (c) the user uses the terminal as a sales channel in accordance with business data from the operator and the customer or user selects the product for pending purchases.
- a pending purchase may need to be configured by the user who may choose a number of ways to configure and make selections in accordance with the business data.
- the user may choose to manually enter their selection choices, or in particular implementations may accept random generated selections or repeat prior selections.
- the user inputs are made on the terminal keypad and sent to the operator's server for validation against the business data.
- customer selection slip forms are read by a device and the selections or marks are converted into the selections.
- the entry is accepted or rejected by the operator's business data. If the entry is accepted a printout may be generated. Customer and/or merchant information may also be packaged with the printout.
- the transactions may be canceled by the purchaser.
- FIG. 5 illustrates the context of four subsystems of the invention 120, 500, 510, 310 wherein it is implemented as a lottery sales system.
- Standard retail payment systems for credit and debit payments use the systems 100, 110, 200, 300, 400, 700, 800, 900.
- the objective of the invention is to enable and utilize devices and systems 100, 200, 300, 400 of the payments processing networks into a multipurpose network to act as a sales and distribution channel.
- the invention enables lottery and gaming content from system 600 to be sold and payment accepted at a merchant who is in possession of system 100 having invention subsystem 120.
- Payment application 110 in system 100 requires that the invention manage and comply with all of the rules, constraints and interfaces for the standard retail payment system in order to have shared processes of ticket sales with payment.
- System 100 receives and loads the appropriate version of the invention's approved lottery application 120, from the invention subsystem 500 via either the systems 400 and 200, or in some cases from the acquirer network system 300.
- Many different makes and models of payment devices (system 100) exist.
- the rights and certifications requirements to install the invention software application 120 into subsystem 100 are subject to both the make and model technology make-up and the device estate owner and the acquirer 300 requirements. In some cases the device estate owner is also 300 and in other cases it is the merchant or a third party.
- the data communications to and from 100 have network security and may be one or more choices of various types of wired links or wireless transmission links.
- the lottery application 120 is a software application which has user interfaces for the customer, merchant, admin and maintenance.
- FIG. 6 illustrates an example of a print-out of a lottery entry ticket of the terminal 100 resulting from an example usage of the lottery application 120.
- Application 120 supports on 100 the display presentation and user input, which may be keypad or touch-screen.
- Application 120 supports data communications for wireless, wired dial-up and LAN to broadband connectivity.
- Application 120 supports the local connected peripherals such as bar code reading of tickets and selection slips, customer display units, retailer display units, ticket checker and ticket validation processes, and external printers.
- the invention software application subsystem 500 provides services and content to the invention's system 110 to enable the content and transactions which originated in system 600.
- Invention subsystem 500 provides services in the form of a set of transactions which perform and execute and record business processes and transactions between the lottery commission, retail merchant, and customer.
- This invention application 120 providing service at 100 may sometimes be provided transactions indirectly via 300 and invention subsystem 310, or directly through the systems and networks 200 and 400, but is based upon transactions with subsystem 500.
- Subsystem 500 is the repository for lists and catalogs of games and all order handling business documents for the sales and distribution processes.
- Subsystem 500 interfaces to one or many operators, 600, either directly or via 520, a third party player account system or enterprise system. When required the subsystem 500 may exist in one or more licensed jurisdictions as needed.
- Subsystem 500 may also act as an accumulator and forwarding service for customer data.
- the subsystem 310 is an adapter within a certified secure environment of the acquirer 300.
- Subsystem 310 acts as a proxy for 500 when needed to meet the acquirer and estate owner needs for communicating appropriately with devices 100.
- As many subsystems 310 may be used as are needed to satisfy different acquirers and their respective mix of, and needs for, the many makes and models of devices 100 communicating with 300.
- the subsystem 510 is a management and monitoring tool for subsystem 500.
- Subsystem 510 is intended to create game product catalogs, and maintain, activate and publish catalogs, which contain items, pricing and promotions.
- the subsystem 510 has tools to manage the catalogs pre-game offer, game validation, game start and game closing, and the post-game results, entry and publication. In some cases it is also used to publish winning numbers and winning tickets.
- Subsystem 510 also has tools to monitor the events associated with the on-going businesses of multiple operator systems 600.
- Invention subsystem 500 provides the highest level of transaction services between the originating multiple products offered by multiple operators 600 and the very large number of merchants 100, associated with many regional acquirers 300.
- Subsystems 510 and 500 create a business document appropriate for each jurisdiction and each sales entry channel, the business documents indicating product/services with itemized sales pricing, and promotions catalogs.
- System 500 upon request sends directly or indirectly the business documents to 110 which is to include live valid games to be played in the jurisdiction.
- Subsystem 500 obtains from many operators 600 the necessary information to define games and game validity.
- Subsystem 110 may configure locally all the product selections or may request from subsystem 500 information for the build either being randomly generated selections or from prior selections as registered by the customer.
- Subsystem 500 may receive from the merchant 100 a request for a product as a built quote document and provide a validity response to the request for quote which includes a valid time to purchase entry ticket for a defined cost.
- Subsystem 500 may alternatively receive from the merchant 100 a purchase order document and respond with a purchase order acknowledgement document stating valid, error, accepting or rejecting based upon business rules or exclusions as provided by the business data. Subsystem 500 may also receive from the merchant 100 a purchase order change request and respond with a purchase order change request acknowledgement. Subsystem 500 may also receive from the merchant 100 a payment notice and respond with ticket entry successful or failed so that the merchant 100 can print the ticket or failure notice. Subsystem 500 may also receive from the merchant 100, for those customers who have existing operator accounts, certain customer ID information and may respond with the customer's national currency (e.g. dollar, euro) balance or loyalty reward points balance. Subsystem 500 may also receive from the merchant 100 an application from a customer to enroll and register for an operator account based upon information read by 100 from their driver's license.
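The purchase order exchange above, in which an order is accepted or rejected against the operator's business data (draw matrix, valid price, validity time), is sketched in the following added example, which is not code from the patent. The field names, error strings, the all-or-nothing rejection rule and the sample game are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Game:
    """One catalogue entry derived from operator business data (assumed shape)."""
    game_id: str
    pick_count: int        # draw matrix: choose pick_count numbers ...
    max_number: int        # ... from 1..max_number
    price_cents: int       # the only valid price for one entry
    sales_close: datetime  # validity time: no sales at or after this instant


@dataclass(frozen=True)
class OrderLine:
    game_id: str
    selections: tuple
    price_cents: int


@dataclass
class OrderResponse:
    status: str                                      # "accepted" or "rejected"
    line_errors: dict = field(default_factory=dict)  # line index -> list of errors
    note: str = ""


def validate_line(line, catalogue, now):
    """Check one requested line item against the catalogue; return its errors."""
    game = catalogue.get(line.game_id)
    if game is None:
        return ["unknown-game"]
    errors = []
    if now >= game.sales_close:
        errors.append("sales-closed")
    sel = line.selections
    if len(sel) != game.pick_count:
        errors.append("wrong-selection-count")
    if len(set(sel)) != len(sel):
        errors.append("duplicate-selection")
    # Terminal input is untrusted: reject non-integers as well as out-of-range values.
    if any(type(n) is not int or not 1 <= n <= game.max_number for n in sel):
        errors.append("selection-out-of-range")
    # Price comes from the business data, never from the terminal's claim.
    if line.price_cents != game.price_cents:
        errors.append("price-mismatch")
    return errors


def respond_to_order(lines, catalogue, now):
    """Build the order response; one bad line rejects the whole order (assumption)."""
    if not lines:
        return OrderResponse("rejected", note="empty-order")
    line_errors = {}
    for index, line in enumerate(lines):
        errors = validate_line(line, catalogue, now)
        if errors:
            line_errors[index] = errors
    status = "rejected" if line_errors else "accepted"
    return OrderResponse(status, line_errors)


def sample_catalogue():
    """Constructed sample game; not a real operator's product."""
    close = datetime(2030, 1, 1, tzinfo=timezone.utc)
    return {"GAME-6-49": Game("GAME-6-49", 6, 49, 300, close)}


if __name__ == "__main__":
    now = datetime(2029, 6, 1, tzinfo=timezone.utc)
    order = [
        OrderLine("GAME-6-49", (3, 11, 19, 27, 38, 45), 300),
        OrderLine("GAME-6-49", (3, 3, 19, 27, 38, 50), 100),
    ]
    print(respond_to_order(order, sample_catalogue(), now))
```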
- a merchant wishes to sell lottery tickets.
- the merchant requests the acquirer make available the acquirer's terminal signed application.
- the terminal's existing or proprietary application makes available the terminal application for download.
- the terminal application enables entity authentication.
- the merchant as a user of the terminal selects lottery from an IDLE screen display and is prompted to "sign-on".
- the user interface of the terminal prompts the user to "Enter/Swipe/Insert lottery issued credentials + Press OK"; the user complies.
- the user interface of the terminal prompts the user to "Enter User Password number + Press OK"; the user complies.
- the terminal application performs a cryptographic technique and the terminal provides requesting-sign-on with credentials and security information.
- the request-sign-on is received by the acquirer server, is recognized and is flagged for packaging and forwarding with certain merchant, store and terminal data.
- the central server performs its security and routing rules, and forwards security information to the operator server.
- When authenticated (pass/fail) by the operator server, the operator server provides responding-sign-on and security-protocols to the central server and the terminal.
- the terminal receives security responses and necessary cryptographic information for connectivity with the central server and the operator.
- OUTPUT, Print Sign-on receipt.
- OUTPUT, Print Sign-on message.
- OUTPUT, Display IDLE display with a prompt indicating a lottery selection.
- Subject to the response to sign-on, the terminal may request a download of application code from 310 or 300 central server, for all operator transaction sets, and the terminal receives and authenticates the data origination and data integrity.
- Application includes a reformatted operator catalog of game information which is reformatted specific to the acquirer protocol/format and terminal resources.
- Player/recipient expresses interest to user/merchant to buy a lottery ticket.
- the user, for example a merchant, can activate the terminal application from the display prompt and a Function keypad push.
- The user is prompted by the display to create an Order.
- the user reviews the displayed choices of the catalog.
- the user makes selections which become line items in a Requesting Order document + OK.
- the terminal application performs cryptographic technique and submits a request for Order.
- the Request for Order is recognized by the acquirer and packaged with certain merchant, store and terminal data.
- the central server performs its security, routing rules, and forwards security information and package to operator.
- the operator server performs security process and creates a response having specific business data/information.
- the operator server responds to Order, returns the business data to the central server.
- the central server transforms the business data into Order Response document for eventual transformation transport to terminal.
- the central server packages the Order Response transformed specifically for the acquirer network and terminal for printing.
- Merchant is prompted to Print OK, and selects OK on the terminal to print.
- a printed message is transported to the central server and to the operator server.
- the terminal outputs a ticket. (The E-ticket contains sensitive information as it relates to the player, their selections and the ticket control number, and may be returned both encrypted and as a graphic image in a form that is not machine-vision readable.)
- Sign-off:
  - Send sign-off request and receive sign-off response.
  - OUTPUT, Print sign-off slip.
  - Set internal state to disable wagering and tickets functions.
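The sign-on and order steps above send each terminal request through the acquirer, the central server and the operator. The following sketch is an added example, not code from the patent, showing how an operator can check data origination and integrity of an order that the acquirer has only wrapped with merchant, store and terminal data. HMAC-SHA256, the per-terminal shared key, the sequence-number replay check and all field names and identifiers are assumptions standing in for the unspecified "cryptographic technique".

```python
import hashlib
import hmac
import json

# Constructed demo values: the patent names no keys, field names or algorithm.
TERMINAL_KEYS = {"T-0001": b"constructed-demo-key"}  # shared terminal/operator
ROUTES = {"lottery": "operator-server"}  # hypothetical central-server rule


def terminal_request(terminal, key, seq, order):
    """Terminal: serialize the order and MAC it (HMAC is an assumed stand-in)."""
    body = json.dumps({"terminal": terminal, "seq": seq, "order": order}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"type": "lottery", "body": body, "tag": tag}


def acquirer_package(request, merchant, store, terminal):
    """Acquirer: wrap the request with merchant/store/terminal data, body untouched."""
    return {"merchant": merchant, "store": store, "terminal": terminal, "payload": request}


def central_route(package):
    """Central server: apply routing rules, refusing unknown transaction types."""
    if package["payload"]["type"] not in ROUTES:
        raise ValueError("no route for transaction type")
    return ROUTES[package["payload"]["type"]], package


def operator_verify(package, last_seq):
    """Operator: check origin, integrity, envelope binding and replay."""
    req = package["payload"]
    key = TERMINAL_KEYS.get(package["terminal"])
    if key is None:
        return False, "unknown terminal"
    expected = hmac.new(key, req["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, req["tag"]):
        return False, "bad MAC"
    body = json.loads(req["body"])
    if body["terminal"] != package["terminal"]:
        return False, "envelope/body terminal mismatch"
    if body["seq"] <= last_seq.get(body["terminal"], 0):
        return False, "replayed sequence number"
    last_seq[body["terminal"]] = body["seq"]
    return True, "ok"


def run_order(order, seq, last_seq, tamper=False):
    """Drive one order through terminal, acquirer, central server and operator."""
    req = terminal_request("T-0001", TERMINAL_KEYS["T-0001"], seq, order)
    pkg = acquirer_package(req, "M-42", "S-7", "T-0001")
    if tamper:  # constructed in-transit modification of the order body
        pkg["payload"]["body"] = pkg["payload"]["body"].replace("6/49", "7/49")
    dest, pkg = central_route(pkg)
    return (dest,) + operator_verify(pkg, last_seq)
```

Because the MAC covers the terminal identifier and sequence number inside the body, a changed order, a resubmitted order, or an envelope that names a different terminal is rejected at the operator even though the intermediate hops never hold the key.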
- the following transaction sets may be provided for a lottery ticket purchase:
- a customer or alternately a merchant may use the terminal to review and choose products, make personal selections and then pay and optionally print an operator ticket in real time.
- the shared use of the terminal 100 enables both payment processing and sales of operator products.
- Each of these tasks may be executed within their respective network but could also be brokered by the third party operating the central server or another broker.
- the broker may act as an intermediary to process payments as between the merchants and the operator.
- Other applications include the use of the terminal and networks to create, store, read, update and delete customers' favorite lottery selections, for example games, and numbers to be used to print on the tickets.
- a database could be provided for binding these selections and numbers to a customer's lottery issued card, loyalty card with machine readable information, for example bar code, magnetic stripe, or contactless card, or loaded into a smart card. These numbers may be anonymously stored or bound to each customer's account or an identification card.
- a merchant or the customer would provide the card to be read, which initiates the terminal application to obtain the selections and numbers and print the favorites and numbers.
- the central server may provide an analysis and/or reporting utility. While an acquirer or an operator may not want to share with the other party the data communicated over its network, the central server as a trusted intermediary and operable to access the data may generate and provide analytics, reports, and other summaries of the data for use by the other party. For example, while the operator may not want the acquirer to have knowledge of the particular transactions being made over the operator network, the central server may provide the acquirer with reports regarding the number, frequency or amount of the transactions in a given day, month or year.
- the central server may provide connectivity to the operator acting as a trusted intermediary who contractually is an authenticated single master merchant for a large quantity of sub-merchants.
- the present invention could be used for providing event ticketing, for example for sports and entertainment or could be used for providing public transit tickets.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Economics (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Development Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Educational Administration (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Operations Research (AREA)
- Game Theory and Decision Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009801331530A CN102150398A (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
CA2731160A CA2731160C (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
US13/054,957 US20110126264A1 (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
EP09802320A EP2314023A4 (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
AU2009276262A AU2009276262A1 (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
US13/888,351 US8990918B2 (en) | 2008-07-30 | 2013-05-06 | System and method for providing a secure network on another secure network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2.637,179 | 2008-07-30 | ||
CA2637179A CA2637179A1 (en) | 2008-07-30 | 2008-07-30 | A device and system to enable and operate the selection, sales and distribution of lottery tickets and other tickets processes |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/054,957 A-371-Of-International US20110126264A1 (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
US13/888,351 Division US8990918B2 (en) | 2008-07-30 | 2013-05-06 | System and method for providing a secure network on another secure network |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010012094A1 (en) | 2010-02-04 |
Family
ID=41609889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2009/001070 WO2010012094A1 (en) | 2008-07-30 | 2009-07-30 | System and method for providing a secure network on another secure network |
Country Status (6)
Country | Link |
---|---|
US (2) | US20110126264A1 (en) |
EP (1) | EP2314023A4 (en) |
CN (1) | CN102150398A (en) |
AU (1) | AU2009276262A1 (en) |
CA (2) | CA2637179A1 (en) |
WO (1) | WO2010012094A1 (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8707088B2 (en) | 2010-05-19 | 2014-04-22 | Cleversafe, Inc. | Reconfiguring data storage in multiple dispersed storage networks |
US20120254034A1 (en) * | 2011-04-01 | 2012-10-04 | Mastercard International Incorporated | Method for performing acquirer routing and priority routing of transactions |
US9082114B2 (en) * | 2011-07-29 | 2015-07-14 | Ncr Corporation | Self-service terminal |
US9405984B2 (en) | 2012-02-08 | 2016-08-02 | Scientific Games International, Inc. | Logistics methods for portable, mobile processing of lottery and contest tickets |
US9842335B2 (en) | 2012-03-23 | 2017-12-12 | The Toronto-Dominion Bank | System and method for authenticating a payment terminal |
US9152957B2 (en) | 2012-03-23 | 2015-10-06 | The Toronto-Dominion Bank | System and method for downloading an electronic product to a pin-pad terminal after validating an electronic shopping basket entry |
US9760939B2 (en) * | 2012-03-23 | 2017-09-12 | The Toronto-Dominion Bank | System and method for downloading an electronic product to a pin-pad terminal using a directly-transmitted electronic shopping basket entry |
US10362006B2 (en) | 2013-03-15 | 2019-07-23 | Mastercard International Incorporated | Systems and methods for cryptographic security as a service |
US10311434B2 (en) * | 2014-05-29 | 2019-06-04 | Paypal, Inc. | Systems and methods for reporting compromised card accounts |
US11277439B2 (en) | 2016-05-05 | 2022-03-15 | Neustar, Inc. | Systems and methods for mitigating and/or preventing distributed denial-of-service attacks |
US10958725B2 (en) * | 2016-05-05 | 2021-03-23 | Neustar, Inc. | Systems and methods for distributing partial data to subnetworks |
CN109313756B (en) * | 2016-06-15 | 2023-03-10 | 万事达卡国际公司 | Transaction flow and transaction processing for bridged payment systems |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000011832A1 (en) | 1998-08-21 | 2000-03-02 | Visto Corporation | System and method for enabling secure access to services in a computer network |
US6364206B1 (en) * | 2000-01-19 | 2002-04-02 | Marconi Commerce Systems Inc. | Lottery ticket sales in fueling forecourt |
WO2003030063A1 (en) * | 2001-09-28 | 2003-04-10 | E2Open Llc | Method for business to business collaborative viral adoption |
US20030115482A1 (en) * | 2001-12-05 | 2003-06-19 | Masatoshi Takihiro | Method and apparatus for network service |
US20030220132A1 (en) * | 1997-03-21 | 2003-11-27 | Walker Jay S. | System and method for performing lottery ticket transactions utilizing point-of-sale terminals |
US20040148522A1 (en) * | 2001-04-05 | 2004-07-29 | Hofheinz Walter-Juergen | Method for a secure information transfer |
US20040242309A1 (en) * | 2003-03-13 | 2004-12-02 | Melesko Robert S. | Lottery transaction device, system and method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040117485A1 (en) * | 2002-12-03 | 2004-06-17 | Collatus Corporation, A Delaware Corporation | Apparatus, method, and computer program product for tunneling TCP based client-server applications |
US7219154B2 (en) * | 2002-12-31 | 2007-05-15 | International Business Machines Corporation | Method and system for consolidated sign-off in a heterogeneous federated environment |
2008
- 2008-07-30 CA CA2637179A patent/CA2637179A1/en not_active Abandoned

2009
- 2009-07-30 WO PCT/CA2009/001070 patent/WO2010012094A1/en active Application Filing
- 2009-07-30 EP EP09802320A patent/EP2314023A4/en not_active Withdrawn
- 2009-07-30 CN CN2009801331530A patent/CN102150398A/en active Pending
- 2009-07-30 CA CA2731160A patent/CA2731160C/en active Active
- 2009-07-30 AU AU2009276262A patent/AU2009276262A1/en not_active Abandoned
- 2009-07-30 US US13/054,957 patent/US20110126264A1/en not_active Abandoned

2013
- 2013-05-06 US US13/888,351 patent/US8990918B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030220132A1 (en) * | 1997-03-21 | 2003-11-27 | Walker Jay S. | System and method for performing lottery ticket transactions utilizing point-of-sale terminals |
WO2000011832A1 (en) | 1998-08-21 | 2000-03-02 | Visto Corporation | System and method for enabling secure access to services in a computer network |
US6364206B1 (en) * | 2000-01-19 | 2002-04-02 | Marconi Commerce Systems Inc. | Lottery ticket sales in fueling forecourt |
US20040148522A1 (en) * | 2001-04-05 | 2004-07-29 | Hofheinz Walter-Juergen | Method for a secure information transfer |
WO2003030063A1 (en) * | 2001-09-28 | 2003-04-10 | E2Open Llc | Method for business to business collaborative viral adoption |
US20030115482A1 (en) * | 2001-12-05 | 2003-06-19 | Masatoshi Takihiro | Method and apparatus for network service |
US20040242309A1 (en) * | 2003-03-13 | 2004-12-02 | Melesko Robert S. | Lottery transaction device, system and method |
Non-Patent Citations (1)
Title |
---|
See also references of EP2314023A4 * |
Also Published As
Publication number | Publication date |
---|---|
US8990918B2 (en) | 2015-03-24 |
US20110126264A1 (en) | 2011-05-26 |
CN102150398A (en) | 2011-08-10 |
CA2731160A1 (en) | 2010-02-04 |
US20130312080A1 (en) | 2013-11-21 |
EP2314023A4 (en) | 2013-02-20 |
EP2314023A1 (en) | 2011-04-27 |
CA2731160C (en) | 2017-07-04 |
AU2009276262A1 (en) | 2010-02-04 |
CA2637179A1 (en) | 2010-01-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200980133153.0 Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09802320 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2731160 Country of ref document: CA |
 | WWE | Wipo information: entry into national phase | Ref document number: 2009276262 Country of ref document: AU |
 | WWE | Wipo information: entry into national phase | Ref document number: 13054957 Country of ref document: US |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 2009276262 Country of ref document: AU Date of ref document: 20090730 Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 1355/CHENP/2011 Country of ref document: IN Ref document number: 2009802320 Country of ref document: EP |