WO2001092982A2 - System and method for secure transactions via a communications network - Google Patents


Info

Publication number
WO2001092982A2
Authority
WO
WIPO (PCT)
Prior art keywords
customer
computing device
order
supplier
validating
Application number
PCT/IL2001/000489
Other languages
French (fr)
Other versions
WO2001092982A3 (en)
Inventor
Moshe Caspi
Original Assignee
Moshe Caspi
Application filed by Moshe Caspi
Priority to AU62634/01A
Publication of WO2001092982A2
Publication of WO2001092982A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The present invention relates to network data communications. More particularly, it relates to ensuring the security of transactions conducted over a communications network.
  • Transactions carried out via a communications network must be protected from access by unauthorized parties. The protection must extend to the computers of both parties conducting the transaction as well as to the communications network itself.
  • A common example of such a transaction is where a customer purchases a good or service from a supplier's Web site, in other words an e-commerce transaction.
  • Hackers can conduct an illegal transaction on the supplier Web site by remotely manipulating a legitimate customer's computer without that customer being aware of it, or by impersonating the customer after surreptitiously learning the customer's identification code or credit card number.
  • A hacker can penetrate the supplier's Web site, sending bogus information to the customer or intercepting the customer's payment.
  • The hacker can interfere with the information transferred between the two parties to the transaction, particularly regarding what the customer thinks he is buying, what the supplier thinks the customer is buying, whether the customer approves payment, and whether payment is received by the supplier.
  • US patent 5,883,810, awarded in 1999 to Franklin et al. and entitled "Electronic online commerce card with transaction proxy number for online transactions," describes an online commerce system where an issuing institution generates a temporary transaction number for a customer and associates it with the customer's permanent account number in a data record. The customer submits the transaction number to the merchant as a proxy for the customer account number. The merchant handles the transaction number in the same manner as any regular credit card number. When the merchant asks the issuing institution for verification, the issuing institution references the customer account number, using the transaction number as an index, processes the authorization request using the real customer account number in place of the proxy number, and sends an authorization reply back to the merchant under the transaction number.
  • The module includes input means for the customer to enter his order and a DTMF tone generator for communicating the customer order and ID number to a computer via that computer's microphone. While the tone generation is compatible with some aspects of telephony, it is limited for use with computers since it is unidirectional, from the customer to the computer. Furthermore, the customer is required to reenter transaction details himself as part of the confirmation process. This is tedious for the customer and creates the possibility of errors creeping in.
  • This system does not include any dedicated secure device for the supplier side of the transaction, nor does it provide for third-party validation of the transaction, nor is there a mechanism for verifying that the information presented to the customer is valid.
  • The present invention is unique in that it is designed to provide full, affordable, easy-to-use security for electronic transactions. It completely prevents hackers from using the customer and supplier computers to access the critical parts of the transaction. This is accomplished by moving these parts, including encryption/decryption, out of the computers and into dedicated external computing devices.
  • The external devices are connected to the computers via a secure communications protocol that limits the computer's access to the device to only predefined functions. No transaction is completed until the customer has approved it via the user input means of his external computing device. Therefore, it is physically impossible for a remote hacker to carry out an unauthorized transaction.
  • Another advantage of the present invention is that any or all parts of the invention can be fully automated, operating without human intervention.
  • The preferred embodiment of the present invention applies to e-commerce transactions via the Internet.
  • The same principles can be applied in alternative embodiments for other forms of data transactions on other types of communications networks.
  • A method for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, comprising the following steps: (a) providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device; (b) providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means; (c) requesting customer confirmation; (d) executing payment upon confirmation; and (e) supplying goods or services.
  • The requesting customer confirmation step comprises the following steps:
  • (a) initially validating the customer order on the supplier's order-filling computing means. The executing payment upon confirmation step comprises the following steps:
  • (a) decrypting the customer confirmation; (b) notifying the customer's payment provider to execute payment; (c) receiving confirmation of payment from said payment provider; (d) encrypting the payment confirmation and sending it to the supplier's dedicated computing means.
  • The supplying goods or services step comprises the following steps:
  • The customer's dedicated computing means is a stand-alone device. Furthermore, in accordance with another preferred embodiment of the present invention, the customer's dedicated computing means is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications means.
  • The customer's dedicated computing means is an electronic commerce card.
  • The supplier's dedicated computing means is a stand-alone device.
  • The customer input means on the customer's dedicated computing means is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software.
  • The customer input means on the customer's dedicated computing means is voice-based, as in a microphone and voice recognition software.
  • The means for output to the customer on the customer's dedicated computing means is display-based, as in an alphanumeric or graphical display and appropriate software. Furthermore, in accordance with another preferred embodiment of the present invention, the means for output to the customer on the customer's dedicated computing means is to a port, as in a parallel port to a printer.
  • The validating computing device provides the customer's dedicated computing means with an anonymous identification code.
  • (a) providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device; (b) the dedicated computing means receiving an encrypted confirmation request from the validating computing device; (c) decrypting the order and outputting it to the customer; (d) the customer inputting his or her confirmation; (e) encrypting the confirmation and sending it to the validating computing device.
  • (a) providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means; (b) initially validating the customer order on the supplier's order-filling computing means; (c) encrypting the order with the supplier's private code and sending a payment request to the validating computing device; (d) decrypting the payment confirmation received from the validating computing device; (e) notifying the supplier's order-filling computing means to execute the order; (f) filling the order by providing goods or services to the customer.
  • A method for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, comprising the following steps: (a) providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device; (b) providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means; (c) requesting customer confirmation, comprising the following steps: (i) initially validating the customer order on the supplier's order-filling computing means; (ii) encrypting the order with supplier's private
  • A system for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, comprising the following:
  • (a) a dedicated customer computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having a user input/output device, the customer's dedicated computing device communicating with the customer computing device and programmed to receive an order confirmation request, decrypt the request, output the request to the user (customer), receive the customer's response (input) to the confirmation request, encrypt the customer response, and send the response to the validating computing device;
  • (b) a dedicated supplier computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's dedicated computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device and programmed to receive a customer order from the supplier's transaction site, encrypt an order and payment confirmation request, send the request to the validating computing device, receive an order and payment confirmed message from the validating computing device, and notify the order-filling
  • The validating computing device being configured to receive an order and payment confirmation request from the dedicated supplier computing device, decrypt the request, encrypt an order confirmation request for the customer, send the request to the customer, receive the customer's response, decrypt the response, notify the customer's payment provider to execute payment, receive confirmation of payment from said payment provider, encrypt an order and payment confirmed message, and send said message to the dedicated supplier computing device.
  • A system for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, comprising the following:
  • (a) providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having a user input/output device, the customer's dedicated computing device communicating with the customer computing device;
  • The confirmation comprises the following:
  • (a) initially validating the customer order on the supplier's order-filling computing device; (b) encrypting the order with the supplier's private code and sending a payment request to the validating computing device; (c) decrypting the order, encrypting it with the user's private code and sending it to the customer's dedicated computing device; (d) decrypting the order and outputting it to the customer; (e) the customer inputting his or her confirmation; (f) encrypting the confirmation and sending it to the validating computing device.
  • Executing payment upon confirmation comprises the following:
  • (a) decrypting the customer confirmation; (b) notifying the customer's payment provider to execute payment; (c) receiving confirmation of payment from said payment provider; (d) encrypting the payment confirmation and sending it to the supplier's dedicated computing device.
  • Supplying goods or services comprises the following:
  • (a) decrypting the payment confirmation; (b) notifying the supplier's order-filling computing device to execute the order; (c) filling the order by providing goods or services to the customer.
  • The supplier's order-filling computing device performs the further check of comparing the order as confirmed with the original order.
  • The validating computing device maintains a database about the transaction. Furthermore, in accordance with another preferred embodiment of the present invention, all encrypted messages for a given order have a unique identifier known and checked by the supplier's order-filling computing device.
  • The customer's dedicated computing device is a stand-alone device.
  • The customer's dedicated computing device is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications device.
  • The customer's dedicated computing device is an electronic commerce card.
  • The supplier's dedicated computing device is a stand-alone device.
  • The customer's dedicated computing device is provided with a user access protection device.
  • The customer input device on the customer's dedicated computing device is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software.
  • The customer input device on the customer's dedicated computing device is voice-based, as in a microphone and voice recognition software.
  • The device for output to the customer on the customer's dedicated computing device is display-based, as in an alphanumeric or graphical display and appropriate software.
  • The device for output to the customer on the customer's dedicated computing device is to a port, as in a parallel port to a printer.
  • The device for output to the customer is a printer integrated into the customer device.
  • A system for handling an order confirmation request from a validating computing device, comprising the following:
  • A system for working with a validating computing device and an order-filling computing device to confirm, bill, and fill a customer order, comprising the following: (a) providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's dedicated computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device; (b) initially validating the customer order on the supplier's order-filling computing device; (c) encrypting the order with the supplier's private code and sending a payment request to the validating computing device; (d) decrypting the payment confirmation received from the validating computing device; (e) notifying the supplier's order-filling computing device to execute the order; (f) filling the order by providing goods or services to the customer.
  • A system for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, comprising the following:
  • (a) providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having a user input/output device, the customer's dedicated computing device communicating with the customer computing device; (b) providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's dedicated computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device; (c) requesting customer confirmation, comprising the following: (i) initially validating the customer order on the supplier's order-filling computing device; (ii) encrypting the order with the supplier's private code and sending a payment request to the validating computing device; (iii) decrypting the order, encrypting it with the user's private code and sending it to the customer's dedicated computing device; (iv) decrypting the order and outputting it to the customer;
  • FIG. 1 is a general block diagram of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • FIG. 2A is a block diagram of a dedicated customer computing device for secure electronic transactions integrated into a bidirectional remote control unit of a Web-enabled television set in accordance with an alternative embodiment of the present invention.
  • FIG. 2B is a block diagram of a dedicated customer computing device for secure electronic transactions with a second communications port connected to an external printer in accordance with an alternative embodiment of the present invention.
  • FIG. 3A is the first part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • FIG. 3B is the second part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • FIG. 3C is the third part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • FIG. 3D is the fourth part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • FIG. 3E is the fifth part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
  • The preferred embodiment of the present invention comprises a number of hardware and software components.
  • When a component is introduced in this detailed description, its full name and acronym are given. Thereafter the acronym is used in the description and in the drawings.
  • The components, acronyms and reference numbers are also listed below.
  • FIG. 1 is a block diagram of a system and method for secure data transactions over a communications network in accordance with a preferred embodiment of the present invention.
  • The system is based on three primary entities: a Customer 10, who initiates the transaction; a Supplier 23, who provides a good, service, or other benefit to the Customer; and a Validator 39, who acts as an intermediary between the two for purposes of validating and processing confidential information, such as the identity of the Customer and payment execution.
  • A fourth entity is a bank or other payment authority, which executes payment from Customer 10 to Supplier 23 upon request by Validator 39.
  • Both the Customer 10 and the Supplier 23 have a dedicated computing device for conducting sensitive steps in the transaction.
  • Each of these dedicated computing devices has a private key and a public ID number. The private key is known only to the dedicated computing device and to the Validator 39.
  • The Validator 39 is the entity that maintains a record of the keys of the two types of dedicated computing devices.
  • A device's key could typically be embedded by the Validator before distributing the device to a Customer 10 or Supplier 23.
  • Upon purchase or installation of the device, the Customer 10 or Supplier 23 would register with the Validator 39.
  • Other methods and systems known to those familiar with the art can be used to embed the private keys and register the Customer 10 and Supplier 23 with the Validator 39.
  • The present invention involves encrypted messages sent over a secure channel.
  • Decryption is accomplished using public and private keys.
  • Other methods and systems could equally be used to achieve this functionality, such as doing without public keys and instead having the decrypting device simply try every private key until it finds the correct one.
  • The Customer 10 uses a Customer Standard Computer with an Internet Browser (CSCIB) 18.
  • The CSCIB 18 is a computing device with Internet access (Web browsing capability) and a local communications port 11 (such as a serial port).
  • The CSCIB 18 is a personal computer, but it can be any computing device with these capabilities, for example a Web-enabled cellular phone.
  • The customer's transaction takes place at a Supplier's Web site accessed via the Internet.
  • Other means for electronic commerce can be used, such as an intranet or a proprietary e-commerce application.
  • The Customer Interface Unit (CIU) 14 is connected to the CSCIB's 18 local communications port 11.
  • The CIU 14 is the dedicated computing device for the Customer side of the transaction.
  • The CIU 14 includes a means for user input (a keypad in the preferred embodiment) and a means for output to the user (a display in the preferred embodiment).
  • The CIU 14 output can alternatively, or additionally, be to a printer 15.
  • The printer 15 is connected to a second communications port on the CIU 14.
  • The printer 15 could be integrated into the CIU 14.
  • The CSCIB 18 software that communicates with the CIU 14 is a dedicated software module, the Customer Computer Interface Software (CCIS) 12.
  • The CIU 14 includes an encryption/decryption algorithm embedded with the unique private key for that particular CIU.
  • The CIU 14 transmits and receives encrypted messages via the CSCIB 18 and the Internet.
  • The CIU 14 can optionally include electronic means for identifying the Customer before allowing him access.
  • Electronic means for identifying the Customer are well known, such as a personal identification code, fingerprint, voice, or retinal pattern.
  • The CIU 14 is a standalone device.
  • The CIU 14 can be integrated into the CSCIB 18 or into another device, such as a cellular telephone or smart card. If the CIU 14 is integrated into another device, it must be implemented such that its hardware and software are independent of the rest of the device, with only a restricted communication channel connecting the two.
  • The primary function of the CIU 14 is to enable secure user I/O, including encryption/decryption.
  • The other operations required, messaging and browsing via the Internet, are done via the CSCIB 18.
  • FIG. 2B is an alternative embodiment of the present invention in which the CIU 14 is integrated into a remote control unit for a Web-enabled television set, where the television set is used for the CSCIB 18 parts of the transaction.
  • The communications link between the remote control unit and the television set is bidirectional.
  • The CSCIB 18 is used by the Customer to perform the noncritical e-commerce tasks, such as item selection.
  • Encrypted Internet messages related to the transaction are handled only by the CIU 14.
  • The CSCIB 18 is merely a bidirectional channel, connecting to the CIU 14 via the local communications port 11 at one end and to the Internet at the other end.
  • Encrypted transaction confirmation requests are decrypted by the CIU 14 and displayed on its display.
  • The Customer views the information and enters his responses via the CIU's 14 keypad.
  • The CIU 14 encrypts the information and transmits it via the local communications port 11 of the CSCIB 18 to the Validation Center 40, as described later in this specification.
  • The Supplier Internet Web Site (SIWS) 26 is an e-commerce Web site running on a Web server on the Internet.
  • The SIWS 26 has a first bidirectional communications connection 21 to an external computing device called the Supplier Interface Unit (SIU) 24.
  • The software that manages the communication on the SIWS 26 side is referred to herein as the Supplier Web Site Interface Software (SWSIS) 28 module.
  • The SIU 24 runs an encryption/decryption algorithm embedded with a unique private key for that particular SIU 24.
  • The SIU 24 is able to receive and transmit encrypted messages via the SIWS 26 over the Internet.
  • The SIU 24, in addition to having a first bidirectional communications connection 21 to the SIWS 26, has a second bidirectional communications connection 23 to one or more computing devices called the Order Computer(s) (OC) 15.
  • The OC 15 is used to verify that the Customer has not been fooled by someone tampering with the Supplier's Web site (i.e., that the product, the price, etc. in the Customer order are identical to what is being offered on the SIWS 26).
  • Another task of the OC 15 is to fill the order (through the Supplier's standard order fulfillment system), once Customer confirmation has been received from the VC 40 (described later) via the SIU 24.
  • A third task of the OC 15 is to ensure that each order passing through the system has a unique identifier and then to look for that identifier in the final payment confirmation received from the VC 40. The purpose here is to keep each order processed unique and thereby prevent an unauthorized resend of a previously sent confirmation message somewhere in the system. In the preferred embodiment of the present invention, this identifier is a unique order number added by the OC 15 to the transaction details.
  • The tasks of the OC 15 can be done by the same OC 15 or by different OCs 15.
  • The SIU 24 receives transaction details from the SIWS 26, requests initial verification and a unique order number from the OC 15, and, after encrypting the transaction details and order number, transmits them to the Validation Center (VC) 40 via the SIWS 26 and the Internet. It will be noted that the SIU acts as a buffer between the SIWS 26, which is open to the Internet, and the OC 15, which contains sensitive information.
  • the VC 40 is a computing device connected to the Internet that holds all Customer and Supplier private keys indexed to their public ID numbers.
  • the VC 40 receives encrypted order messages from the SIU 24, decodes them using the Supplier's public ID number, validates them (i.e., checks that the Customer exists, that the Supplier exists, that the order meets basic criteria such as being within the Supplier's and Customer's credit range, etc.), encrypts an order confirmation request (including order number) using the Customer's private key, and sends the encrypted request to the CIU 14 via the Internet and the CSCWB 18 for Customer confirmation.
  • the CIU 14 decrypts the request and displays it.
  • the Customer responds by entering his confirmation/rejection to the CIU, which the CIU 14 then encrypts (including the unique order number) using the Customer's private key and sends back to the VC 40.
  • the VC 40 contacts the bank or other payment authority 41 and requests the payment. This part of the transaction follows standard payment execution procedures, such as those used for credit card payments.
  • upon notification of payment, the VC 40 encrypts a validation confirmed message (including the unique order number) using the Supplier's private key and sends it to the SIU 24.
  • the SIU decrypts the validation message and sends the validation message to the OC 15.
  • the OC 15 performs a final check, verifying that the unique order number is correct, then executes the transaction, e.g., ships the goods.
  • although in the preferred embodiment the CIU 14 and the SIU 24 are physical devices, this is not a requirement. What is a requirement is that they have the functionality defined in this disclosure.
  • for the CIU 14, this functionality consists, as mentioned, of dedicated encryption/decryption and user input/output for security-critical transaction steps, together with a limited communications channel to the CSCIB 18, the purpose being to eliminate outside access to operations performed with the CIU 14.
  • for the SIU 24, the functionality consists, as mentioned, of dedicated encryption/decryption together with a limited communications channel to the SIWS 26 and the OC 20.
  • the implementation does not have to be physically separated from the other parts of the respective Customer 10 or Supplier 23 computing devices.
  • the CIU 14 could be integrated into the CSCIB 18 or into a third device, such as a cellular phone.
  • FIG. 3A to FIG. 3E together form a flow chart describing the operation of a system for secure data transactions over a communications network in accordance with a preferred embodiment of the present invention.
  • the flowchart extends across the figures. The continuation of the chart from figure to figure is indicated by ending a flowchart with a letter, for example B in FIG. 3A and then starting the next flowchart with that letter (i.e., B at the top of FIG. 3B).
  • a Customer uses a Customer Standard Computer with an Internet Browser (CSCIB) 18 to shop at a Supplier Internet Web Site (SIWS) 26.
  • CSCIB Customer Standard Computer with an Internet Browser
  • SIWS Supplier Internet Web Site
  • the Customer selects the item and issues a purchase order (e.g., checks out his shopping cart).
  • the Customer 10 must be identified to the Supplier 23 by his Customer Public Code Number (CPCN) 16, which can be entered by the Customer himself, taken from the CSCIB 18 as a cookie or similar automatic means, or taken from the CIU 14.
  • CPCN Customer Public Code Number
  • RTCN Random Transaction Code Number
  • the idea of the RTCN 22 is to give the Customer the option of requesting an anonymous public code from the Validation Center. For example, a Customer might want to preserve his anonymity for one or more transactions.
  • the RTCN 22 is used in place of the CPCN 16 for the transaction. The CIU can obtain the RTCN 22 in any number of ways: as a request from the CIU to the VC at the time of the transaction, as a fresh RTCN 22 automatically maintained in a buffer in the CIU 14 by the VC, etc.
  • the CPCN 16 or RTCN 22 is sent by the CSCIB 18 to the SIWS 26 as part of the order.
  • the Customer 10 may choose to send further information with the order, such as his preferred payment method, the delivery address, his e- mail address, etc. This information can be included in the order either by the customer himself, by having the CSCIB 18 supply it with a cookie or similar automatic means, or from the CIU 14.
  • in step 66 the order reaches the SIWS 26, where the SWSIS 28 recognizes that the order is coming from a CIU-equipped Customer (i.e., one with a CIU 14).
  • in step 68 the SWSIS 28 sends the transaction data to the OC 20 via the SIU 24.
  • in step 70 the OC 20 checks that the transaction accords with what is being offered on the Web site (in other words, that this is in all probability not a bogus order).
  • if the OC determines that the transaction data is invalid, the order is aborted (step 72).
  • otherwise the OC 20 adds a unique order number to the transaction data and sends it, with its approval, to the SIU 24.
  • the unique order number is used in every subsequent message concerning that order.
  • the SIU 24 encrypts the transaction data using the Supplier's private key and sends the encrypted data and the Supplier's public ID number to the VC 40. It can be sent via the SIWS 26, directly via the Internet, or by any other communication method or system.
  • in step 76 the VC 40 uses the Supplier's public ID number to look up the Supplier's private key and decrypt the transaction data. The VC 40 then performs a preliminary validation (step 78). Typically this would involve checking that the Supplier exists and that the order appears to be for goods or services provided by that Supplier.
  • if the preliminary validation fails, the VC 40 aborts the order (step 80).
  • the VC looks up the private key for Customer (using as an index the CPCN 16 or RTCN 22 that was included in the transaction data), uses the private key to encrypt the transaction data, and sends the encrypted data to the CIU 14 via the CSCIB 18 and the Internet.
  • the Customer e-mail address can be entered with the order by the Customer, added by the Supplier from its database, or taken by the VC 40 from the private key lookup table.
  • the CIU 14 receives the transaction data, decrypts it, and displays the information to the Customer. Typically, this includes a list of products ordered, their prices, the payment method, and the total amount to be paid. From this point on, the price commitment of the Supplier is considered final.
  • in step 86 the Customer checks the transaction information and uses the CIU 14 keypad to confirm or reject the transaction. From this point on, the Customer's approval/disapproval of the transaction is considered final.
  • in step 88 the CIU 14 encrypts the Customer response using the Customer's private key and sends the response together with the CPCN 16 to the VC 40.
  • in step 90 the VC 40 takes the CPCN 16 and looks up the Customer's private key, which it then uses to decrypt the response and determine what it is (step 92).
  • the VC 40 uses standard secure electronic banking methods to check the Customer's credit for the payment method that the Customer has selected.
  • if the VC 40 is unable to confirm the Customer's ability to pay, the transaction is aborted (step 100); otherwise (step 102) the VC 40 proceeds to debit the Customer's account and credit the Supplier's account with the amount of the transaction.
  • the VC 40 encrypts a message confirming payment using the Supplier's private key and sends the encrypted message to the SIU 24.
  • the SIU 24 decrypts the message and in step 106 checks whether it is positive (Customer paid). If the Customer did not pay, the transaction is aborted (step 108); otherwise (step 110) the SIU 24 sends the data to the OC 20, which checks the approved transaction against the original order (a standard data integrity check) and supplies the Customer with the goods and/or services.
  • the present invention provides a novel design of a system that provides full protection against the theft of information via a communications network.
  • This design of the system for secure transactions via a communications network makes it particularly suitable for e-commerce transactions via the Internet. This is important for preventing unlawful access to Customer and/or supplier data and as a consequence promotes the growth of secure e- commerce.
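As an added illustration, and not code from the patent or from any product of its assignee, the following Python model walks the component roles listed above and the FIG. 3 flow (steps 66 to 110) end to end: the OC checks the order against what the Web site offers and issues the unique order number, the SIU seals the order for the VC, the VC looks up each party's key by its public ID, obtains the Customer's confirmation through the CIU, consults the payment authority, and returns a payment confirmation that the OC accepts exactly once. The patent states only that each party shares a "private key" with the VC; the encrypt-then-MAC envelope over HMAC-SHA256 used here, the JSON message layout, the class and function names, the catalogue, the `bank` callable standing in for the payment authority 41, and every identifier and amount are assumptions constructed for this example.

```python
import hashlib
import hmac
import json
import secrets

# Shared-key envelope. The patent only says each party holds a key known to itself and the VC;
# this encrypt-then-MAC construction over HMAC-SHA256 is an assumed stdlib stand-in for a real AEAD.
NONCE_LEN, TAG_LEN = 16, 32

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:  # HMAC in counter mode, domain-separated from the tag by the subkey
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, msg: dict) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    pt = json.dumps(msg, sort_keys=True).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_envelope(key: bytes, blob: bytes) -> dict:
    """Verify the tag first; a forged, corrupted or wrong-recipient message is rejected, not decrypted."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("bad tag: forged or corrupted message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class OrderComputer:
    """OC: checks the order against the Web site's offer, issues the unique order number, ships once."""
    def __init__(self, catalogue: dict):
        self.catalogue, self.pending, self.shipped = catalogue, {}, []
    def initial_check(self, order: dict):
        if self.catalogue.get(order["item"]) != order["price"]:
            return None  # bogus order: item/price differ from what the SIWS offers (abort, step 72)
        order_no = secrets.token_hex(8)
        self.pending[order_no] = dict(order)
        return order_no
    def final_check_and_ship(self, conf: dict) -> bool:
        original = self.pending.pop(conf.get("order_no"), None)
        if original is None:  # unknown or already consumed number: a replayed confirmation
            return False
        if conf.get("paid") is not True or conf.get("amount") != original["price"]:
            return False
        self.shipped.append(conf["order_no"])
        return True

class ValidationCenter:
    """VC: holds every party's key indexed by public ID (supplier ID or CPCN); `bank` is an assumed callable."""
    def __init__(self, keys: dict, bank):
        self.keys, self.bank, self.pending = keys, bank, {}
    def order_request(self, supplier_id: str, blob: bytes) -> bytes:
        order = open_envelope(self.keys[supplier_id], blob)  # key located via the public ID (step 76)
        cust_key = self.keys[order["cpcn"]]  # KeyError: unknown customer, order aborted (step 80)
        self.pending[order["order_no"]] = dict(order, supplier=supplier_id)
        return seal(cust_key, {k: order[k] for k in ("order_no", "item", "price")})
    def customer_response(self, cpcn: str, blob: bytes):
        resp = open_envelope(self.keys[cpcn], blob)
        order = self.pending.pop(resp["order_no"], None)  # a replayed response finds nothing pending
        if order is None or not resp["confirm"] or order["cpcn"] != cpcn:
            return None  # rejected by the customer, or not the customer named in the order
        if not self.bank(cpcn, order["price"]):
            return None  # step 100: customer cannot pay
        conf = {"order_no": order["order_no"], "amount": order["price"], "paid": True}
        return seal(self.keys[order["supplier"]], conf)

def ciu_confirm(cust_key: bytes, blob: bytes, decide) -> bytes:
    """CIU: decrypt the request, show it to the customer (the `decide` callback), seal the answer."""
    req = open_envelope(cust_key, blob)
    return seal(cust_key, {"order_no": req["order_no"], "confirm": bool(decide(req))})

def run_transaction(oc, vc, sup_id, sup_key, cpcn, cust_key, order, decide):
    """One order end to end; returns (outcome, payment confirmation as seen by the SIU)."""
    order_no = oc.initial_check(order)
    if order_no is None:
        return "aborted_bogus_order", None
    blob = seal(sup_key, dict(order, order_no=order_no, cpcn=cpcn))  # SIU -> VC
    resp_blob = ciu_confirm(cust_key, vc.order_request(sup_id, blob), decide)
    conf_blob = vc.customer_response(cpcn, resp_blob)
    if conf_blob is None:
        return "aborted_by_vc", None
    conf = open_envelope(sup_key, conf_blob)  # SIU decrypts and hands the result to the OC
    return ("shipped" if oc.final_check_and_ship(conf) else "rejected_by_oc"), conf

if __name__ == "__main__":  # constructed sample: one supplier, one customer, one 20-unit item
    keys = {"SUP-0001": secrets.token_bytes(32), "CPCN-4711": secrets.token_bytes(32)}
    oc = OrderComputer({"book": 20})
    vc = ValidationCenter(keys, bank=lambda cpcn, amount: amount <= 100)
    ok, conf = run_transaction(oc, vc, "SUP-0001", keys["SUP-0001"], "CPCN-4711",
                               keys["CPCN-4711"], {"item": "book", "price": 20}, lambda r: True)
    print(ok, "replay accepted:", oc.final_check_and_ship(conf))  # shipped replay accepted: False
```

Two points the patent text leaves implicit are visible here. First, "encrypting with the private key" on its own does not tell the recipient who produced a message or whether it was altered in transit; the envelope therefore carries an authentication tag, and `open_envelope` rejects a tampered blob (or one sealed under another party's key) instead of returning garbage. Second, the unique order number only prevents a replay if the OC actually consumes it: `final_check_and_ship` removes the number from its pending table, so a resent payment confirmation is refused, and the VC does the same for a resent customer response. Note also that because the VC holds every party's key, it can read and forge every message; in this design confidentiality and authenticity rest entirely on the VC and the protection of its key table.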

Abstract

A method and a system for facilitating online commerce between a customer's computing device (18) and a supplier's computing device (15), in cooperation with a validating computing device (26). Security-sensitive input/output operations are carried out at each end of the transaction by dedicated computing means, one for the customer and one for the supplier. The dedicated customer computing means (18) is communication-connected (15) to the supplier's e-commerce server (26) and order-processing computer (15) via separate connections. Encrypted messages pass between the dedicated devices via a validating third party. The tasks handled are: requesting customer confirmation; executing payment upon confirmation and supplying goods or services.

Description

SYSTEM AND METHOD FOR SECURE TRANSACTIONS VIA A COMMUNICATIONS NETWORK
FIELD OF THE INVENTION
The present invention relates to network data communications. More particularly, it relates to ensuring the security of transactions conducted over a communications network.
BACKGROUND OF THE INVENTION
Transactions carried out via a communications network must be protected from access by unauthorized parties. The protection must extend to the computers of both parties conducting the transaction as well as the communications network itself. A common example of such a transaction is where a customer purchases a good or service from a supplier's Web site, in other words an e-commerce transaction.
The e-commerce transaction is vulnerable to any number of malicious interference on the part of unauthorized intruders, referred to herein as hackers. Some examples: A hacker can conduct an illegal transaction on the supplier Web site by remotely manipulating a legitimate customer's computer without that customer being aware of his doing so or by impersonating the customer after surreptitiously learning the customer's identification code or credit card number. Similarly a hacker can penetrate the supplier's Web site, sending bogus information to the customer or intercepting the customer's payment. In other words, the hacker can interfere with the information transferred between the two parties to the transaction, particularly regarding what the customer thinks he is buying, what the supplier thinks the customer is buying, whether the customer approves payment, and whether payment is received by the supplier.
To protect against these and other illegal activities, the customer computer, the supplier Web site server computer, and the communications link must be made secure. The only way to guarantee 100% security for such a client- server architecture would be to create a completely closed system. This is almost never practical. In fact computers are built for flexibility and Internet protocols are designed for universality.
Attempts have been made to improve security, but the solutions offered to date have only been partial in nature, protecting either the communication line or the computers themselves. Moreover, these partial solutions are usually expensive and require technical expertise. Presently, no single system exists that provides an all- encompassing, affordable, easy-to-use solution to the problem of securing electronic transactions, particularly via the Internet. For example, software has been developed to encrypt the data transmitted between the customer's and supplier's computers, but this only protects against data interception on the communication line. Both the customer's and supplier's computers remain exposed to hackers who can potentially access information stored on them.
Another solution has been to use a hardware interface in the customer's computer that can identify the computer and verify its identification to the supplier's computer. This solution does not adequately address the problem of hackers penetrating the software on the customer's computer through which the computer's input and output functions are carried out.
US patent 5,883,810, awarded in 1999 to Franklin et al, and entitled "Electronic online commerce card with transaction proxy number for online transactions," describes an online commerce system where an issuing institution generates a temporary transaction number for a customer and associates it with the customer's permanent account number in a data record. The customer submits the transaction number to the merchant as a proxy for the customer account number. The merchant handles the transaction number in the same manner as any regular credit card number. When the merchant asks the issuing institution for verification, the issuing institution references the customer account number, using the transaction number as an index, processes the authorization request using the real customer account number in place of the proxy number, and sends an authorization reply back to the merchant under the transaction number.
This system still does not prevent hackers from taking control of a customer's or supplier's computer either directly or via a virus-type of malicious program.
US patent no. 5,524,072, awarded in 1996 to Labaton et al, entitled "Methods and apparatus for data encryption and transmission" provides a portable hand-held module having the confidential data and a predetermined encryption algorithm embedded therein. The apparatus which receives the encrypted transmission is equipped with an interface computer having decryption circuitry in which the inverse of the foregoing encryption algorithm is embedded.
The module includes input means for the customer to enter his order and a DTMF tone generator for communicating the customer order and ID number to a computer via that computer's microphone. While the tone generation is compatible with some aspects of telephony, it is limited for use with computers since it is unidirectional - from the customer to the computer. Furthermore, the customer is required to reenter transaction details himself as part of the confirmation process. This is tedious for the customer and creates the possibility of errors creeping in.
In addition, this system does not include any dedicated secure device for the supplier side of the transaction, nor does it provide for third party validation of the transaction, nor is there a mechanism for verifying that the information presented to the customer is valid.
The present invention is unique in that it is designed to provide full, affordable, easy-to-use security for electronic transactions. It completely prevents hackers from using the customer and supplier computers to access the critical parts of the transaction. This is accomplished by moving these parts, including encryption/decryption, out of the computers and into dedicated external computing devices. The external devices are connected to the computers via a secure communications protocol that limits the computer's access to the device to only predefined functions. No transaction is completed until the customer has approved it via the user input means of his external computing device. Therefore, it is physically impossible for a remote hacker to carry out an unauthorized transaction.
Another advantage of the present invention is that any or all parts of the invention can be fully automated, operating without human intervention.
The preferred embodiment of the present invention applies to e-commerce transactions via the Internet. The same principles can be applied in alternative embodiments for other forms of data transactions on other types of communications networks.
BRIEF DESCRIPTION OF THE INVENTION
There is thus provided in accordance with a preferred embodiment of the present invention, a method for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the method comprising the following steps:
a providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device; and
b providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means; and
c requesting customer confirmation; and
d executing payment upon confirmation; and
e supplying goods or services,
thereby facilitating online commerce between a customer and a supplier.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the requesting customer confirmation step comprises the following steps:
a initially validating the customer order on the supplier's order-filling computing means;
b encrypting the order with supplier's private code and sending a payment request to the validating computing device;
c decrypting the order, encrypting with user's private code and sending to customer's dedicated computing means;
d decrypting the order and outputting it to the customer;
e the customer inputting his or her confirmation;
f encrypting the confirmation and sending to the validating computing device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the executing payment upon confirmation step comprises the following steps:
a decrypting the customer confirmation;
b notifying the customer's payment provider to execute payment;
c receiving confirmation of payment from said payment provider;
d encrypting payment confirmation and sending to supplier's dedicated computing means.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplying goods or services step comprises the following steps:
a decrypting the payment confirmation;
b notifying supplier's order-filling computing means to execute order;
c filling order by providing goods or services to customer.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplier's order-filling computing means performs the further check of comparing order as confirmed with original order.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the method is carried out automatically.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the requesting customer confirmation step, the executing payment upon confirmation step, and the supplying goods or services step are all carried out online.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the method is carried out over the Internet.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the method is carried out over an intranet.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the transaction is initiated at an e- commerce Web site.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the method is carried out automatically.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device maintains a copy of the transaction.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device maintains a database about the transaction.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that all encrypted messages for a given order have a unique identifier known and checked by the supplier's order- filling computing means.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing means is a stand-alone device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing means is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications means.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing means is an electronic commerce card;
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplier's dedicated computing means is a stand-alone device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing means is provided with user access protection means.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer input means on the customer's dedicated computing means is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer input means on the customer's dedicated computing means is voice-based, as in a microphone and voice recognition software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the means for output to the customer on the customer's dedicated computing means is display-based, as in an alpha-numeric or graphical display and appropriate software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the means for output to the customer on the customer's dedicated computing means is to a port, as in a parallel port to a printer.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the means for output to the customer is to a printer integrated into the customer means.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer has a public identification code.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device provides the customer's dedicated computing means with an anonymous identification code.
There is thus also provided in accordance with a preferred embodiment of the present invention, at a customer conducting an online transaction, a method for handling an order confirmation request from a validating computing device, comprising the following steps:
a providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device;
b the dedicated computing means receiving an encrypted confirmation request from the validating computing device;
c decrypting the order and outputting it to the customer;
d the customer inputting his or her confirmation;
e encrypting the confirmation and sending to the validating computing device.
There is thus also provided in accordance with a preferred embodiment of the present invention, at a supplier conducting an online transaction, a method for working with a validating computing device and an order-filling computing means to confirm, bill, and fill a customer order, comprising the following steps:
a providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means;
b initially validating the customer order on the supplier's order-filling computing means;
c encrypting the order with supplier's private code and sending payment request to the validating computing device;
d decrypting payment confirmation received from validating computing device;
e notifying supplier's order-filling computing means to execute order;
f filling order by providing goods or services to customer.
There is thus also provided in accordance with a preferred embodiment of the present invention, a method for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the method comprising the following steps:
a providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device;
b providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means;
c requesting customer confirmation, comprising the following steps:
i initially validating the customer order on the supplier's order-filling computing means;
ii encrypting the order with supplier's private code and sending a payment request to the validating computing device;
iii decrypting the order, encrypting with user's private code and sending to customer's dedicated computing means;
iv decrypting the order and outputting it to the customer;
v the customer inputting his or her confirmation;
vi encrypting the confirmation and sending to the validating computing device;
d executing payment upon confirmation, comprising the following steps:
i initially validating the customer order on the supplier's order-filling computing means;
ii decrypting the customer confirmation;
iii notifying the customer's payment provider to execute payment;
iv receiving confirmation of payment from said payment provider;
v encrypting payment confirmation and sending to supplier's dedicated computing means;
e supplying the goods or services, comprising the following steps:
i decrypting the payment confirmation;
ii notifying supplier's order-filling computing means to execute order;
iii filling order by providing goods or services to customer.
There is thus also provided in accordance with a preferred embodiment of the present invention, a system for facilitating online transactions between a customer's computer device and a supplier's computing device, in cooperation with a validating computing device, the system comprising the following:
a a dedicated customer computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device and programmed to receive an order confirmation request, decrypt the request, output the request to the user (customer), receive the customer's response (input) to the confirmation request, encrypt the customer response, and send the response to the validating computing device;
b a dedicated supplier computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device and programmed to receive a customer order from the supplier's transaction site, encrypt an order and payment confirmation request, send the request to the validating computing device, receive order and payment confirmed message from the validating computing device, and notify the order-filling computing device to fill the order;
c the validating computing device being configured to receive an order and payment confirmation request from the dedicated supplier computing device, decrypt the request, encrypt an order confirmation request for the customer, send the request to the customer, receive the customer's response, decrypt the response, notify the customer's payment provider to execute payment, receive confirmation of payment from said payment provider, encrypt an order and payment confirmed message, and send said message to the dedicated supplier computing device.
There is thus also provided in accordance with a preferred embodiment of the present invention, a system for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the system comprising the following:
a providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device; and
b providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device; and
c requesting customer confirmation; and
d executing payment upon confirmation; and
e supplying goods or services.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the confirmation comprises the following:
a initially validating the customer order on the supplier's order-filling computing device;
b encrypting the order with supplier's private code and sending a payment request to the validating computing device;
c decrypting the order, encrypting with user's private code and sending to customer's dedicated computing device;
d decrypting the order and outputting it to the customer;
e the customer inputting his or her confirmation;
f encrypting the confirmation and sending to the validating computing device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that executing payment upon confirmation comprises the following:
a decrypting the customer confirmation;
b notifying the customer's payment provider to execute payment;
c receiving confirmation of payment from said payment provider;
d encrypting payment confirmation and sending to supplier's dedicated computing device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplying goods or services comprises the following:
a decrypting the payment confirmation;
b notifying supplier's order-filling computing device to execute order;
c filling order by providing goods or services to customer.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplier's order-filling computing device performs the further check of comparing order as confirmed with original order.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the system is automatic.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the requesting customer confirmation, the executing payment upon confirmation, and the supplying goods or services are all carried out online.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the system is implemented over the Internet.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the system is implemented over an intranet.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device maintains a copy of the transaction.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device maintains a database about the transaction.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that all encrypted messages for a given order have a unique identifier known and checked by the supplier's order-filling computing device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the transaction is initiated at an e-commerce Web site.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the system is carried out automatically.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing device is a stand-alone device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing device is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing device is an electronic commerce card.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the supplier's dedicated computing device is a stand-alone device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer's dedicated computing device is provided with a user access protection device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer input device on the customer's dedicated computing device is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer input device on the customer's dedicated computing device is voice-based, as in a microphone and voice recognition software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the device for output to the customer on the customer's dedicated computing device is display-based, as in an alpha-numeric or graphical display and appropriate software.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the device for output to the customer on the customer's dedicated computing device is to a port, as in a parallel port to a printer.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the device for output to the customer is to a printer integrated into the customer device.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the customer has a public identification code.
Furthermore, in accordance with another preferred embodiment of the present invention, further comprising that the validating computing device provides the customer's dedicated computing device with an anonymous identification code.
There is thus also provided in accordance with a preferred embodiment of the present invention, at a customer conducting an online transaction, a system for handling an order confirmation request from a validating computing device, comprising the following:
a providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having a user input/output device, the customer's dedicated computing device communicating with the customer computing device;
b the dedicated computing device receiving an encrypted confirmation request from the validating computing device;
c decrypting the order and outputting it to the customer;
d the customer inputting his or her confirmation;
e encrypting the confirmation and sending it to the validating computing device.
There is thus also provided in accordance with a preferred embodiment of the present invention, at a supplier conducting an online transaction, a system for working with a validating computing device and an order-filling computing device to confirm, bill, and fill a customer order, comprising the following:
a providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's dedicated computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device;
b initially validating the customer order on the supplier's order-filling computing device;
c encrypting the order with the supplier's private code and sending a payment request to the validating computing device;
d decrypting the payment confirmation received from the validating computing device;
e notifying the supplier's order-filling computing device to execute the order;
f filling the order by providing goods or services to the customer.
There is thus also provided in accordance with a preferred embodiment of the present invention, a system for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the system comprising the following:
a providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having a user input/output device, the customer's dedicated computing device communicating with the customer computing device;
b providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's dedicated computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device;
c requesting customer confirmation, comprising the following:
i initially validating the customer order on the supplier's order-filling computing device;
ii encrypting the order with the supplier's private code and sending a payment request to the validating computing device;
iii decrypting the order, encrypting it with the user's private code and sending it to the customer's dedicated computing device;
iv decrypting the order and outputting it to the customer;
v the customer inputting his or her confirmation;
vi encrypting the confirmation and sending it to the validating computing device;
d executing payment upon confirmation, comprising the following:
i initially validating the customer order on the supplier's order-filling computing device;
ii decrypting the customer confirmation;
iii notifying the customer's payment provider to execute payment;
iv receiving confirmation of payment from said payment provider;
v encrypting the payment confirmation and sending it to the supplier's dedicated computing device;
e and supplying the goods or services, comprising the following:
i decrypting the payment confirmation;
ii notifying the supplier's order-filling computing device to execute the order;
iii filling the order by providing goods or services to the customer.
BRIEF DESCRIPTION OF THE FIGURES
FIG. 1 is a general block diagram of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
FIG. 2A is a block diagram of a dedicated customer computing device for secure electronic transactions integrated into a bidirectional remote control unit of a Web-enabled television set in accordance with an alternative embodiment of the present invention.
FIG. 2B is a block diagram of a dedicated customer computing device for secure electronic transactions with a second communications port connected to an external printer in accordance with an alternative embodiment of the present invention.
FIG. 3A is the first part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
FIG. 3B is the second part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
FIG. 3C is the third part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
FIG. 3D is the fourth part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
FIG. 3E is the fifth part of a flowchart showing the operation of a system for secure electronic transactions in accordance with a preferred embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
The preferred embodiment of the present invention comprises a number of hardware and software components. When a component is introduced in this detailed description, its full name and acronym are given. Thereafter the acronym is used in the description and in the drawings. The components, acronyms and reference numbers are also listed below.
REF. NO. - ACRONYM - FULL DESCRIPTION
10 - Customer
12 CCIS - Customer Computer Interface Software.
14 CIU - Customer Interface Unit.
16 CPCN - Customer Public Code Number.
18 CSCIB - Customer Standard Computer with Internet Browser
20 OC - Order Computer.
22 RTCN - Random Transaction Code Number.
23 - Supplier
24 SIU - Supplier Interface Unit.
26 SIWS - Supplier Internet Web Site
28 SWSIS - Supplier Web Site Interface Software.
39 - Validator
40 VC - Validation Computer
41 BC - Bank Computer
Reference is now made to FIG. 1, which is a block diagram of a system and method for secure data transactions over a communications network in accordance with a preferred embodiment of the present invention. The system is based on three primary entities: a Customer 10, who initiates the transaction; a Supplier 23, who provides a good, service, or other benefit to the Customer; and a Validator 39, who acts as an intermediary between the two for purposes of validating and processing confidential information, such as the identity of the Customer and payment execution. A fourth entity is a bank or other payment authority, which executes payment from Customer 10 to Supplier 23 upon request by Validator 39.
Both the Customer 10 and the Supplier 23 have a dedicated computing device for conducting sensitive steps in the transaction. Each of these dedicated computing devices has a private key and a public ID number. The private key is known only to the dedicated computing device and to the Validator 39.
The Validator 39 is the entity that maintains a record of the keys of the two types of dedicated computing devices. A device's key could typically be embedded by the Validator before distributing the device to a Customer 10 or Supplier 23. Upon purchase or installation of the device, the Customer 10 or Supplier 23 would register himself with the Validator 39. Or other methods and systems known to those familiar with the art can be used to embed the private keys and register the Customer 10 and Supplier 23 with the Validator 39.
The present invention involves encrypted messages sent over a secure channel. In the preferred embodiment described herein, decryption is accomplished using public and private keys. Other methods and systems could equally be used to achieve this functionality, such as doing without public keys and instead having the decrypting device simply try every private key until it finds the correct one. It is a major purpose of the present invention to enable the Customer and Supplier to carry out encryption/decryption procedures and sensitive input/output procedures on their respective dedicated computing devices, thereby denying third parties access to these procedures. In particular, this prevents malicious individuals from interfering with the transaction at the endpoints (the Customer's Internet browser and the Supplier's Web site).
The Customer 10 uses a Customer Standard Computer with an Internet Browser (CSCIB) 18. The CSCIB 18 is a computing device with Internet access (Web browsing capability) and having a local communications port (such as a serial port) 11. In the preferred embodiment of the present invention the CSCIB 18 is a personal computer but it can be any computing device with these capabilities, for example, a Web-enabled cellular phone.
In the preferred embodiment of the present invention, the customer's transaction takes place at a Supplier's Web site accessed via the Internet. Alternatively, other means for electronic commerce can be used, such as an intranet or a proprietary e-commerce application.
The Customer Interface Unit (CIU) 14 is connected to the CSCIB's 18 local communications port 11. The CIU 14 is the dedicated computing device for the Customer side of the transaction. The CIU 14 includes a means for user input, (which in the preferred embodiment is a keypad), and a means for output to the user, (which in the preferred embodiment is a display).
The CIU 14 output can alternatively, or additionally, be to a printer 15. In FIG. 2A the printer 15 is connected to a second communications port on the CIU 14. Alternatively, the printer 15 could be integrated into the CIU 14.
The CSCIB 18 software that communicates with the CIU 14 is a dedicated software module, the Customer Computer Interface Software (CCIS) 12. The CIU 14 includes an encryption/decryption algorithm embedded with the unique private key for that particular CIU.
The CIU 14 transmits and receives encrypted messages via the CSCIB 18 and the Internet.
The CIU 14 can optionally include electronic means for identifying the Customer before allowing him access. Such means are well known, such as personal identification code, fingerprint, voice, or retinal pattern.
In the preferred embodiment of the present invention, the CIU 14 is a standalone device. Alternatively, the CIU 14 can be integrated into the CSCIB 18 or into another device, such as a cellular telephone or smart card. If the CIU 14 is integrated into another device, it must be implemented such that its hardware and software are independent of the rest of the device, with only a restricted communication channel connecting the two.
The primary function of the CIU 14 is to enable secure user I/O, including encryption/decryption. In the preferred embodiment of the present invention, the other operations required: messaging and browsing via the Internet, are done via the CSCIB 18.
Alternatively, the functions of the CSCIB 18 can be integrated into the CIU 14 (as separate hardware and software), or both the CIU 14 and CSCIB 18 can be integrated into a third device, such as a cellular telephone. In that case, again, the CIU 14 functionality is implemented as separate hardware and software, connecting to the rest of the device only through a limited communications channel. FIG. 2B is an alternative embodiment of the present invention where the CIU 14 is integrated into a remote control unit for a Web-enabled television set, where the television set is used for the CSCIB 18 parts of the transaction. The communications link between the remote control unit and the television set is bidirectional.
Returning to FIG. 1, the CSCIB 18 is used by the Customer to perform the noncritical e-commerce tasks, such as item selection. However, encrypted Internet messages related to the transaction are handled only by the CIU 14. For such encrypted messages the CSCIB 18 is merely a bidirectional channel, connected to the CIU 14 through the local communications port 11 at one end and to the Internet at the other end.
Encrypted transaction confirmation requests are decrypted by the CIU 14 and displayed on its display. The Customer views the information and enters his responses via the CIU's 14 keypad.
The CIU 14 encrypts the information and transmits it via the local communications port 11 of the CSCIB 18 to the Validation Center 40, as described later in this specification.
The Supplier Internet Web Site (SIWS) 26 is an e-commerce Web site running on a Web server on the Internet. The SIWS 26 has a first bidirectional communications connection 21 to an external computing device called the Supplier Interface Unit (SIU) 24. The software that manages the communication on the SIWS 26 side is referred to herein as the Supplier Web Site Interface Software SWSIS 28 module.
The SIU 24 runs an encryption/decryption algorithm embedded with a unique private key for that particular SIU 24. The SIU 24 is able to receive and transmit encrypted messages via the SIWS 26 over the Internet. The SIU 24, in addition to having a first bidirectional communications connection 21 to the SIWS 26, has a second bidirectional communications connection 23 to one or more computing devices called the Order Computer(s) (OC) 15. The OC 15 is used to verify that the Customer has not been fooled by someone tampering with the Supplier's Web site (i.e., that the product, the price, etc. in the Customer order are identical to what is being offered on the SIWS 26). Another task of the OC 15 is to fill the order (through the Supplier's standard order fulfillment system) once Customer confirmation has been received from the VC 40 (described later) via the SIU 24. A third task of the OC 15 is to ensure that each order passing through the system has a unique identifier and then to look for that identifier in the final payment confirmation received from the VC 40. The purpose here is to keep each processed order unique and thereby prevent an unauthorized resend of a previously sent confirmation message somewhere in the system. In the preferred embodiment of the present invention, this identifier is a unique order number added by the OC 15 to the transaction details.
The tasks of the OC 15 can be done by the same OC 15 or by different OCs 15.
The SIU 24 receives transaction details from the SIWS 26, requests initial verification and a unique order number from the OC 15, and after encrypting the transaction details and order number, transmits them to the Validation Center (VC) 40 via the SIWS 26 and the Internet. It will be noted that the SIU acts as a buffer between the SIWS 26, which is open to the Internet, and the OC 15, which contains sensitive information. The VC 40 is a computing device connected to the Internet that holds all Customer and Supplier private keys indexed to their public ID numbers. The VC 40 receives encrypted order messages from the SIU 24, decodes them using the Supplier's public ID number, validates them (i.e., checks that the Customer exists, that the Supplier exists, that the order meets basic criteria such as being within the Supplier's and Customer's credit range, etc.), encrypts an order confirmation request (including the order number) using the Customer's private key, and sends the encrypted request to the CIU 14 via the Internet and the CSCIB 18 for Customer confirmation.
The CIU 14 decrypts the request and displays it. The Customer responds by entering his confirmation/rejection to the CIU, which the CIU 14 then encrypts (including the unique order number) using the Customer's private key and sends back to the VC 40.
In the case of a confirmation, the VC 40 contacts the bank or other payment authority 41 and requests the payment. This part of the transaction follows standard payment execution procedures, such as those used for credit card payments. Upon notification of payment, the VC 40 then encrypts a validation confirmed message (including the unique order number) using the Supplier's private key and sends it to the SIU 24. The SIU decrypts the validation message and sends it to the OC 15. The OC 15 performs a final check, verifying that the unique order number is correct, then executes the transaction, e.g., ships the goods.
It is important to note that, while in the preferred embodiment of the present invention the CIU 14 and the SIU 24 are physical devices, this is not a requirement. What is a requirement is that they have the functionality defined in this disclosure. In the case of the CIU 14, this functionality consists, as mentioned, of dedicated encryption/decryption and user input/output for security-critical transaction steps, together with a limited communications channel to the CSCIB 18, the purpose being to eliminate outside access to operations performed with the CIU 14. In the case of the SIU 24, the functionality consists, as mentioned, of dedicated encryption/decryption together with a limited communications channel to the SIWS 26 and the OC 20. As long as these separate, protected functionalities are enabled, the implementation does not have to be physically separated from the other parts of the respective Customer 10 or Supplier 23 computing devices. For example, the CIU 14 could be integrated into the CSCIB 18 or into a third device, such as a cellular phone.
Reference is now made to FIG. 3A to FIG. 3E, which together form a flowchart describing the operation of a system for secure data transactions over a communications network in accordance with a preferred embodiment of the present invention. The flowchart extends across the figures. The continuation of the chart from figure to figure is indicated by ending a flowchart with a letter, for example B in FIG. 3A, and then starting the next flowchart with that letter (i.e., B at the top of FIG. 3B).
In step 60, a Customer uses a Customer Standard Computer with an Internet Browser (CSCIB) 18 to shop at a Supplier Internet Web Site (SIWS) 26. In step 62, he decides to purchase an item. In step 64, the Customer selects the item and issues a purchase order (e.g., checks out his shopping cart). As part of the transaction, the Customer 10 must be identified to the Supplier 23 by his Customer Public Code Number (CPCN) 16, which can be entered by the Customer himself, taken from the CSCIB 18 as a cookie or similar automatic means, or taken from the CIU 14. If the Customer wishes to remain anonymous, he can instead use a Random Transaction Code Number (RTCN) 22, a one-time, or limited-time, code provided by the VC 40.
The idea of the RTCN 22 is to give the Customer the option of requesting an anonymous public code from the Validation Center. For example, a Customer might want to preserve his anonymity for one or more transactions. The RTCN 22 is used in place of the CPCN 16 for the transaction. The CIU can obtain the RTCN 22 in any number of ways: it can request one from the VC at the time of the transaction, a fresh RTCN 22 can be automatically maintained in a buffer in the CIU 14 by the VC, etc.
The CPCN 16 or RTCN 22 is sent by the CSCIB 18 to the SIWS 26 as part of the order. The Customer 10 may choose to send further information with the order, such as his preferred payment method, the delivery address, his e-mail address, etc. This information can be included in the order either by the Customer himself, by having the CSCIB 18 supply it with a cookie or similar automatic means, or from the CIU 14.
In step 66, the order reaches the SIWS 26, where the SWSIS 28 recognizes that the order is coming from a Customer equipped with a CIU 14.
In step 68, the SWSIS 28 sends the transaction data to the OC 20 via the SIU 24. In step 70, the OC 20 checks that the transaction accords with what is being offered on the Web site (in other words, the probability is that this is not a bogus order).
Since the SIWS 26 may not be fully secure, this double check is necessary.
If the OC determines that the transaction data is invalid, the order is aborted (step 72).
Otherwise (step 74), the OC 20 adds a unique order number to the transaction data and sends them with approval to the SIU 24. The unique order number is used in every subsequent message concerning that order. The SIU 24 encrypts the transaction data using the Supplier's private key and sends the encrypted data and the Supplier's public ID number to the VC 40. It can be sent via the SIWS 26, directly via the Internet, or by any other communication method or system.
In step 76, the VC 40 uses the Supplier's public ID number to look up the Supplier's private key and decrypt the transaction data. Then the VC 40 does a preliminary validation (step 78). Typically this would involve checking that the Supplier exists and that the order would appear to be for goods or services provided by that supplier.
In step 80, if the preliminary validation fails, the VC 40 aborts the order.
Otherwise (step 82), the VC looks up the private key for the Customer (using as an index the CPCN 16 or RTCN 22 that was included in the transaction data), uses the private key to encrypt the transaction data, and sends the encrypted data to the CIU 14 via the CSCIB 18 and the Internet. (The Customer's e-mail address can be entered with the order by the Customer, added by the Supplier from its database, or taken by the VC 40 from the private key lookup table.) In step 84 the CIU 14 receives the transaction data, decrypts it, and displays the information to the Customer. Typically, this includes a list of products ordered, their prices, the payment method, and the total amount to be paid. From this point on, the price commitment of the Supplier is considered final.
In step 86, the Customer checks the transaction information and uses the CIU 14 keypad to confirm or reject the transaction. From this point on, the Customer's approval/disapproval of the transaction is considered final.
In step 88, the CIU 14 encrypts the Customer response using the Customer's private key and sends the response and the CPCN 16 to the VC 40.
In step 90, the VC 40 takes the CPCN 16 and looks up the Customer's private key, which it then uses to decrypt the response and to see what it is (step 92).
If the Customer's response is negative, the order is aborted (step 94).
Otherwise (steps 96, 98), the VC 40 uses standard secure electronic banking methods to check the Customer's credit for the payment method that the Customer has selected.
If the VC 40 is unable to confirm the Customer's ability to pay (step 100), the transaction is aborted; otherwise (step 102), the VC 40 proceeds to debit the Customer's account and credit the Supplier's account with the amount of the transaction.
The VC 40 encrypts a message confirming payment using the Supplier's private key and sends the encrypted message to the SIU 24. In step 104, the SIU 24 decrypts the message and in step 106 checks to see whether it is positive (Customer paid). If the Customer did not pay (step 108), the transaction is aborted; otherwise (step 110), the SIU 24 sends the data to the OC 20, which checks the approved transaction against the original order (a standard data integrity check) and supplies the Customer with the goods and/or services.
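The flow of steps 68 to 110, and the division of labour between SIU, OC and VC described earlier, as an added Python simulation that is not code from the patent. It assumes a toy encrypt-then-MAC construction built from HMAC-SHA256 in place of the unnamed device-embedded algorithm (each key shared by exactly one device and the VC, looked up by the public ID sent in clear), a constructed one-item catalogue, constructed public IDs (CPCN-0001, SUP-1) and a bank modelled as a balance table in cents. It runs each party's step in order and exercises the three checks the text relies on: the OC refusing an order that does not match the offer (step 72), the CIU refusing a confirmation request altered in transit by the relaying CSCIB, and the OC refusing a replayed payment confirmation by way of the unique order number (step 110).

```python
# Constructed simulation of the CIU / SIU / OC / VC flow; toy cipher is an assumption.
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, public_id, obj):
    """Encrypt-then-MAC; the public ID travels in clear so the VC can look up the key."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, public_id.encode() + nonce + ct, hashlib.sha256).digest()
    return {"id": public_id, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(key, env):
    tag = hmac.new(key, env["id"].encode() + env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, env["tag"]):
        raise ValueError("bad authentication tag")      # altered or foreign message
    pt = bytes(a ^ b for a, b in zip(env["ct"], _keystream(key, env["nonce"], len(env["ct"]))))
    return json.loads(pt)

CATALOGUE = {"sku-42": 1999}   # constructed: what the SIWS really offers, price in cents

class OrderComputer:
    """OC: offer check (step 70), unique order number (step 74), final check (step 110)."""
    def __init__(self):
        self.pending, self.filled, self.seq = {}, set(), 0
    def validate_and_number(self, order):
        if CATALOGUE.get(order["sku"]) != order["price"]:
            return None                                   # step 72: bogus order, abort
        self.seq += 1
        numbered = dict(order, order_no=self.seq)
        self.pending[self.seq] = numbered
        return numbered
    def fill(self, confirmed):
        no = confirmed.get("order_no")
        if no not in self.pending or no in self.filled:
            return "rejected: unknown or already-filled order number"   # replay
        if confirmed != self.pending[no]:
            return "rejected: confirmed order differs from original"
        self.filled.add(no)
        return "shipped"

class Validator:
    """VC: holds every device key indexed by its public ID and talks to the bank."""
    def __init__(self, balances):
        self.keys, self.balances = {}, balances          # balances: constructed bank stand-in
    def on_order(self, env):
        order = unseal(self.keys[env["id"]], env)         # step 76: supplier key via public ID
        if order["cpcn"] not in self.keys:
            return None                                   # step 80: unknown customer
        return seal(self.keys[order["cpcn"]], order["cpcn"], order)   # step 82
    def on_response(self, env):
        resp = unseal(self.keys[env["id"]], env)          # steps 90-92
        order = resp["order"]
        if not resp["approved"]:
            return None                                   # step 94
        amount = order["price"] * order["qty"]
        if self.balances.get(order["cpcn"], 0) < amount:
            return None                                   # step 100: cannot pay
        self.balances[order["cpcn"]] -= amount            # step 102
        return seal(self.keys[order["supplier"]], order["supplier"], {"paid": True, "order": order})

class Deployment:
    """One customer (CIU) and one supplier (SIU + OC) registered with one VC."""
    def __init__(self):
        self.vc = Validator({"CPCN-0001": 5000})
        self.ciu_key, self.siu_key = os.urandom(32), os.urandom(32)   # embedded before shipping
        self.vc.keys["CPCN-0001"], self.vc.keys["SUP-1"] = self.ciu_key, self.siu_key
        self.oc, self.last_payment = OrderComputer(), None
    def transact(self, order, approve, relay=lambda env: env):
        numbered = self.oc.validate_and_number(dict(order, cpcn="CPCN-0001", supplier="SUP-1"))
        if numbered is None:
            return "aborted: order does not match offer"
        request = self.vc.on_order(seal(self.siu_key, "SUP-1", numbered))   # SIU -> VC
        if request is None:
            return "aborted: validator rejected order"
        try:                                              # CSCIB only relays; CIU decrypts
            shown = unseal(self.ciu_key, relay(request))  # step 84
        except ValueError:
            return "aborted: CIU rejected tampered request"
        response = seal(self.ciu_key, "CPCN-0001", {"approved": approve, "order": shown})
        payment = self.vc.on_response(response)
        if payment is None:
            return "aborted: rejected or payment declined"
        self.last_payment = payment
        return self.siu_on_payment(payment)
    def siu_on_payment(self, env):
        msg = unseal(self.siu_key, env)                   # step 104
        return self.oc.fill(msg["order"]) if msg["paid"] else "aborted: not paid"
```

`Deployment().transact({"sku": "sku-42", "price": 1999, "qty": 1}, approve=True)` walks the whole path and returns `"shipped"`; feeding the same payment envelope to `siu_on_payment` a second time is refused by the OC because the order number has already been filled, which is exactly the resend the text guards against. The `relay` hook models the CSCIB: because it holds no key, anything it changes fails the tag check on the CIU.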
The present invention provides a novel design of a system that provides full protection against the theft of information via a communications network. This design of the system for secure transactions via a communications network makes it particularly suitable for e-commerce transactions via the Internet. This is important for preventing unlawful access to Customer and/or Supplier data and as a consequence promotes the growth of secure e-commerce.
It should be clear that the description of the embodiments and attached Figures set forth in this specification serves only for a better understanding of the invention, without limiting its scope as covered by the following Claims.
It should also be clear that a person skilled in the art, after reading the present specification could make adjustments or amendments to the attached Figures and above described embodiments that would still be covered by the following Claims.

Claims
We claim:
1 A method for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the method comprising the following steps:
a providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device; and
b providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means; and
c requesting customer confirmation; and
d executing payment upon confirmation; and
e supplying goods or services.
2 A method as recited in claim 1, wherein the requesting customer confirmation step comprises the following steps:
a initially validating the customer order on the supplier's order-filling computing means;
b encrypting the order with supplier's private code and sending a payment request to the validating computing device;
c decrypting the order, encrypting with user's private code and sending to customer's dedicated computing means;
d decrypting the order and outputting it to the customer;
e the customer inputting his or her confirmation;
f encrypting the confirmation and sending to the validating computing device.
A method as recited in claim 1, wherein the executing payment upon confirmation step comprises the following steps:
a decrypting the customer confirmation;
b notifying the customer's payment provider to execute payment;
c receiving confirmation of payment from said payment provider;
d encrypting payment confirmation and sending to supplier's dedicated computing means.
A method as recited in claim 1, wherein the supplying goods or services step comprises the following steps:
a decrypting the payment confirmation;
b notifying supplier's order-filling computing means to execute order;
c filling order by providing goods or services to customer.
A method as recited in claim 1, wherein the supplier's order-filling computing means checks confirmed order against original order.
A method as recited in claim 1, wherein the method is carried out automatically.
A method as recited in claim 1, wherein the requesting customer confirmation step, the executing payment upon confirmation step, and the supplying goods or services step are all carried out online.
A method as recited in claim 1 carried out over the Internet.
A method as recited in claim 1 , carried out over an intranet.
A method as recited in claim 1 , wherein the transaction is initiated at an e- commerce Web site. A method as recited in claim 1, wherein the method is carried out automatically.
A method as recited in claim 1, wherein the validating computing device maintains a copy of the transaction.
A method as recited in claim 1, wherein the validating computing device maintains a database about the transaction.
A method as recited in claim 1, wherein all encrypted messages for a given order have a unique identifier known and checked by the supplier's order-filling computing means.
A method as recited in claim 1, wherein the customer's dedicated computing means is a stand-alone device.
A method as recited in claim 1, wherein the customer's dedicated computing means is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications means.
A method as recited in claim 1, wherein the customer's dedicated computing means is an electronic commerce card;
A method as recited in claim 1 , wherein the supplier's dedicated computing means is a stand-alone device.
A method as recited in claim 1, wherein the customer's dedicated computing means is provided with user access protection means.
A method as recited in claim 1, wherein the customer input means on the customer's dedicated computing means is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software. A method as recited in claim 1 , wherein the customer input means on the customer's dedicated computing means is voice-based, as in a microphone and voice recognition software.
A method as recited in claim 1, wherein the means for output to the customer on the customer's dedicated computing means is display- based, as in an alpha-numeric or graphical display and appropriate software.
A method as recited in claim 1, wherein the means for output to the customer on the customer's dedicated computing means is to a port, as in a parallel port to a printer.
A method as recited in claim 1, wherein the means for output to the customer is to a printer integrated into the customer's dedicated computing means.
A method as recited in claim 1, wherein the customer has a public identification code.
A method as recited in claim 1 , wherein the validating computing device provides the customer's dedicated computing means with an anonymous identification code.
27. At a customer conducting an online transaction, a method for handling an order confirmation request from a validating computing device, comprising the following steps:
   (a) providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device;
   (b) the dedicated computing means receiving an encrypted confirmation request from the validating computing device;
   (c) decrypting the order and outputting it to the customer;
   (d) the customer inputting his or her confirmation;
   (e) encrypting the confirmation and sending to the validating computing device.

28. At a supplier conducting an online transaction, a method for working with a validating computing device and an order-filling computing means to confirm, bill, and fill a customer order, comprising the following steps:
   (a) providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means;
   (b) initially validating the customer order on the supplier's order-filling computing means;
   (c) encrypting the order with supplier's private code and sending payment request to the validating computing device;
   (d) decrypting payment confirmation received from validating computing device;
   (e) notifying supplier's order-filling computing means to execute order;
   (f) filling order by providing goods or services to customer.

29. A method for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the method comprising the following steps:
   (a) providing the customer with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device and having user input/output means, the customer's dedicated computing means communicating with the customer computing device;
   (b) providing the supplier with a dedicated computing means for security-critical parts of the transaction, the computing means having capabilities for encryption/decryption known only to the computing means and the validating computing device, the supplier's computing means communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing means;
   (c) requesting customer confirmation, comprising the following steps:
      (i) initially validating the customer order on the supplier's order-filling computing means;
      (ii) encrypting the order with supplier's private code and sending a payment request to the validating computing device;
      (iii) decrypting the order, encrypting with user's private code and sending to customer's dedicated computing means;
      (iv) decrypting the order and outputting it to the customer;
      (v) the customer inputting his or her confirmation;
      (vi) encrypting the confirmation and sending to the validating computing device;
   (d) executing payment upon confirmation, comprising the following steps:
      (i) initially validating the customer order on the supplier's order-filling computing means;
      (ii) decrypting the customer confirmation;
      (iii) notifying the customer's payment provider to execute payment;
      (iv) receiving confirmation of payment from said payment provider;
      (v) encrypting payment confirmation and sending to supplier's dedicated computing means; and
   (e) supplying the goods or services, comprising the following steps:
      (i) decrypting the payment confirmation;
      (ii) notifying supplier's order-filling computing means to execute order;
      (iii) filling order by providing goods or services to customer.

30. A system for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the system comprising the following:
   (a) a dedicated customer computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device and programmed to receive an order confirmation request, decrypt the request, output the request to the user (customer), receive the customer's response (input) to the confirmation request, encrypt the customer response, and send the response to the validating computing device;
   (b) a dedicated supplier computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device and programmed to receive a customer order from the supplier's transaction site, encrypt an order and payment confirmation request, send the request to the validating computing device, receive order and payment confirmed message from the validating computing device, and notify the order-filling computing device to fill the order;
   (c) the validating computing device being configured to receive an order and payment confirmation request from the dedicated supplier computing device, decrypt the request, encrypt an order confirmation request for the customer, send the request to the customer, receive the customer's response, decrypt the response, notify the customer's payment provider to execute payment, receive confirmation of payment from said payment provider, encrypt an order and payment confirmed message, and send said message to the dedicated supplier computing device.

31. A system for facilitating online commerce between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the system comprising the following steps:
   (a) providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device; and
   (b) providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device; and
   (c) requesting customer confirmation; and
   (d) executing payment upon confirmation; and
   (e) supplying goods or services.
32. A system as recited in claim 31, wherein the requesting customer confirmation step comprises the following steps:
   (a) initially validating the customer order on the supplier's order-filling computing device;
   (b) encrypting the order with supplier's private code and sending a payment request to the validating computing device;
   (c) decrypting the order, encrypting with user's private code and sending to customer's dedicated computing device;
   (d) decrypting the order and outputting it to the customer;
   (e) the customer inputting his or her confirmation;
   (f) encrypting the confirmation and sending to the validating computing device.

33. A system as recited in claim 31, wherein the executing payment upon confirmation step comprises the following steps:
   (a) decrypting the customer confirmation;
   (b) notifying the customer's payment provider to execute payment;
   (c) receiving confirmation of payment from said payment provider;
   (d) encrypting payment confirmation and sending to supplier's dedicated computing device.

34. A system as recited in claim 31, wherein the supplying goods or services step comprises the following steps:
   (a) decrypting the payment confirmation;
   (b) notifying supplier's order-filling computing device to execute order;
   (c) filling order by providing goods or services to customer.

35. A system as recited in claim 31, wherein the supplier's order-filling computing device verifies that the confirmed order matches the original order.

36. A system as recited in claim 31, wherein the method is carried out automatically.

37. A system as recited in claim 31, wherein the requesting customer confirmation step, the executing payment upon confirmation step, and the supplying goods or services step are all carried out online.

38. A system as recited in claim 31, carried out over the Internet.

39. A system as recited in claim 31, carried out over an intranet.

40. A system as recited in claim 31, wherein the transaction is initiated at an e-commerce Web site.

41. A system as recited in claim 31, wherein the method is carried out automatically.

42. A system as recited in claim 31, wherein the validating computing device maintains a copy of the transaction.

43. A system as recited in claim 31, wherein the validating computing device maintains a database about the transaction.

44. A system as recited in claim 31, wherein all encrypted messages for a given order have a unique identifier known and checked by the supplier's order-filling computing device.

45. A system as recited in claim 31, wherein the customer's dedicated computing device is a stand-alone device.

46. A system as recited in claim 31, wherein the customer's dedicated computing device is integrated into a remote control unit, the customer's computing device is a Web-enabled television set, and the two are connected via a bidirectional communications device.

47. A system as recited in claim 31, wherein the customer's dedicated computing device is an electronic commerce card.

48. A system as recited in claim 31, wherein the supplier's dedicated computing device is a stand-alone device.

49. A system as recited in claim 31, wherein the customer's dedicated computing device is provided with user access protection device.

50. A system as recited in claim 31, wherein the customer input device on the customer's dedicated computing device is touch-based, as in a keyboard, keypad, or touchscreen and appropriate software.

51. A system as recited in claim 31, wherein the customer input device on the customer's dedicated computing device is voice-based, as in a microphone and voice recognition software.

52. A system as recited in claim 31, wherein the device for output to the customer on the customer's dedicated computing device is display-based, as in an alpha-numeric or graphical display and appropriate software.

53. A system as recited in claim 31, wherein the device for output to the customer on the customer's dedicated computing device is to a port, as in a parallel port to a printer.

54. A system as recited in claim 31, wherein the device for output to the customer is to a printer integrated into the customer device.

55. A system as recited in claim 31, wherein the customer has a public identification code.

56. A system as recited in claim 31, wherein the validating computing device provides the customer's dedicated computing device with an anonymous identification code.

57. At a customer conducting an online transaction, a system for handling an order confirmation request from a validating computing device, comprising the following steps:
   (a) providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device;
   (b) the dedicated computing device receiving an encrypted confirmation request from the validating computing device;
   (c) decrypting the order and outputting it to the customer;
   (d) the customer inputting his or her confirmation;
   (e) encrypting the confirmation and sending to the validating computing device.

58. At a supplier conducting an online transaction, a system for working with a validating computing device and an order-filling computing device to confirm, bill, and fill a customer order, comprising the following steps:
   (a) providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device;
   (b) initially validating the customer order on the supplier's order-filling computing device;
   (c) encrypting the order with supplier's private code and sending payment request to the validating computing device;
   (d) decrypting payment confirmation received from validating computing device;
   (e) notifying supplier's order-filling computing device to execute order;
   (f) filling order by providing goods or services to customer.

59. A system for facilitating online transactions between a customer's computing device and a supplier's computing device, in cooperation with a validating computing device, the method comprising the following steps:
   (a) providing the customer with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device and having user input/output device, the customer's dedicated computing device communicating with the customer computing device;
   (b) providing the supplier with a dedicated computing device for security-critical parts of the transaction, the computing device having capabilities for encryption/decryption known only to the computing device and the validating computing device, the supplier's computing device communicating with the supplier's computing device and, through a separate communications channel, with the supplier's order-filling computing device;
   (c) requesting customer confirmation, comprising the following steps:
      (i) initially validating the customer order on the supplier's order-filling computing device;
      (ii) encrypting the order with supplier's private code and sending a payment request to the validating computing device;
      (iii) decrypting the order, encrypting with user's private code and sending to customer's dedicated computing device;
      (iv) decrypting the order and outputting it to the customer;
      (v) the customer inputting his or her confirmation;
      (vi) encrypting the confirmation and sending to the validating computing device;
   (d) executing payment upon confirmation, comprising the following steps:
      (i) initially validating the customer order on the supplier's order-filling computing device;
      (ii) decrypting the customer confirmation;
      (iii) notifying the customer's payment provider to execute payment;
      (iv) receiving confirmation of payment from said payment provider;
      (v) encrypting payment confirmation and sending to supplier's dedicated computing device; and
   (e) supplying the goods or services, comprising the following steps:
      (i) decrypting the payment confirmation;
      (ii) notifying supplier's order-filling computing device to execute order;
      (iii) filling order by providing goods or services to customer.
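The claims describe a three-party exchange: each dedicated device shares encryption capabilities only with the validating device, the validator decrypts the supplier's payment request and re-encrypts it for the customer, the customer's device shows the order and returns an encrypted yes/no, and the supplier's order-filling means checks the confirmed order against the original and recognises every message for an order by its unique identifier. The following Python is an added simulation of that exchange written for this page; it is not the patent's or the applicant's code. It assumes a toy authenticated-encryption scheme built from HMAC-SHA256 in place of whatever cipher a real device would carry, constructed party identifiers ("cust-1", "shop-1"), a one-item catalogue, and a payment provider that always approves; the `decide` callback stands in for the device's own display and keypad.

```python
# Constructed simulation of the claims' three-party flow; not the patent's own code.
import hashlib, hmac, json, os
# Toy authenticated encryption from HMAC-SHA256 alone (stand-in for a real device cipher);
# each dedicated device shares one key with the validating device and with nobody else.
def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()
def _xor_stream(key, nonce, data):
    ks = b"".join(_mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, msg):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(msg, sort_keys=True).encode())
    return nonce + ct + _mac(key, b"mac", nonce, ct)  # encrypt-then-MAC: nonce || ct || tag
def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce, ct)):  # tag first: altered bytes never reach decryption
        raise ValueError("message authentication failed")
    return json.loads(_xor_stream(key, nonce, ct))

class OrderFilling:
    """Order-filling means: initial validation, unique id per order, confirmed-vs-original check."""
    def __init__(self, catalogue):
        self.catalogue, self.pending = catalogue, {}
    def validate(self, customer_id, sku, qty):
        if sku not in self.catalogue or qty < 1:
            raise ValueError("order failed initial validation")
        order = {"order_id": os.urandom(8).hex(), "customer": customer_id,
                 "sku": sku, "qty": qty, "amount": self.catalogue[sku] * qty}
        self.pending[order["order_id"]] = order
        return order
    def execute(self, confirmed):
        original = self.pending.pop(confirmed["order_id"], None)  # pop: a replayed notice finds nothing
        if original is None:
            raise ValueError("unknown or already filled order id")
        if confirmed != original:
            raise ValueError("confirmed order does not match original order")
        return f"shipped {original['qty']} x {original['sku']}"

class SupplierDevice:
    """Supplier's dedicated means: talks to the validator and, on its own channel, to order filling."""
    def __init__(self, key, filling):
        self.key, self.filling = key, filling
    def payment_request(self, order):
        return seal(self.key, {"type": "payment_request", "order": order})
    def on_payment_confirmed(self, blob):
        msg = open_sealed(self.key, blob)
        if msg["type"] != "payment_confirmed":  # a reflected payment_request must not fill an order
            raise ValueError("unexpected message type")
        return self.filling.execute(msg["order"])

class CustomerDevice:
    """Customer's dedicated means; `decide` stands in for its own display and keypad."""
    def __init__(self, key, decide):
        self.key, self.decide = key, decide
    def on_confirm_request(self, blob):
        order = open_sealed(self.key, blob)["order"]
        ok = bool(self.decide(f"Pay {order['amount']} for {order['qty']} x {order['sku']}?"))
        return seal(self.key, {"type": "confirmation", "order_id": order["order_id"], "approved": ok})

class Validator:
    """Validating device: holds all keys, keeps a copy of each transaction, re-encrypts per leg."""
    def __init__(self, keys, pay):
        self.keys, self.pay, self.log = keys, pay, {}
    def on_payment_request(self, supplier, blob):
        order = open_sealed(self.keys[supplier], blob)["order"]
        self.log[order["order_id"]] = {"supplier": supplier, "order": order}
        return seal(self.keys[order["customer"]], {"type": "confirm_request", "order": order})
    def on_confirmation(self, customer, blob):
        msg = open_sealed(self.keys[customer], blob)
        rec = self.log.get(msg["order_id"])
        if rec is None or rec["order"]["customer"] != customer:
            raise ValueError("confirmation does not match a pending order of this customer")
        if not msg["approved"] or not self.pay(customer, rec["order"]["amount"]):
            return None  # declined or provider refused: the supplier is never notified
        return seal(self.keys[rec["supplier"]], {"type": "payment_confirmed", "order": rec["order"]})

def run_transaction(sku, qty, decide, tamper_amount=None, replay=False):
    """One order end to end, returned as a transcript.  `tamper_amount` alters the validator's
    copy after the customer confirmed; `replay` delivers the payment confirmation twice."""
    cust_key, supp_key = os.urandom(32), os.urandom(32)   # party ids and prices are constructed
    filling = OrderFilling({"book": 20})
    supplier, customer = SupplierDevice(supp_key, filling), CustomerDevice(cust_key, decide)
    validator = Validator({"cust-1": cust_key, "shop-1": supp_key}, pay=lambda who, amount: True)
    transcript = []
    try:
        order = filling.validate("cust-1", sku, qty)
        confirm_req = validator.on_payment_request("shop-1", supplier.payment_request(order))
        confirmation = customer.on_confirm_request(confirm_req)
        if tamper_amount is not None:
            validator.log[order["order_id"]]["order"]["amount"] = tamper_amount
        paid = validator.on_confirmation("cust-1", confirmation)
        transcript.append("payment confirmed" if paid else "not paid")
        if paid:
            transcript.append(supplier.on_payment_confirmed(paid))
        if paid and replay:
            supplier.on_payment_confirmed(paid)
    except ValueError as exc:
        transcript.append(f"rejected: {exc}")
    return transcript
```

`run_transaction("book", 2, lambda prompt: True)` walks the happy path; passing `tamper_amount=1` shows why the order-filling means keeps its own copy of the original order and compares rather than trusting what arrives through the validator, and `replay=True` shows the unique order identifier rejecting a second delivery of the same payment confirmation. The message-type check on the supplier device matters because one key serves both directions of a leg: without it, a payment request reflected back to the supplier would decrypt cleanly and read as a paid order.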
PCT/IL2001/000489 2000-05-30 2001-05-29 System and method for secure transactions via a communications network WO2001092982A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU62634/01A AU6263401A (en) 2000-05-30 2001-05-29 System and method for secure transactions via a communications network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US20792700P 2000-05-30 2000-05-30
US60/207,927 2000-05-30

Publications (2)

Publication Number Publication Date
WO2001092982A2 true WO2001092982A2 (en) 2001-12-06
WO2001092982A3 WO2001092982A3 (en) 2002-04-11

Family

ID=22772533

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2001/000489 WO2001092982A2 (en) 2000-05-30 2001-05-29 System and method for secure transactions via a communications network

Country Status (2)

Country Link
AU (1) AU6263401A (en)
WO (1) WO2001092982A2 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
US5677955A (en) * 1995-04-07 1997-10-14 Financial Services Technology Consortium Electronic funds transfer instruments
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US6105008A (en) * 1997-10-16 2000-08-15 Visa International Service Association Internet loading system using smart card
US6233565B1 (en) * 1998-02-13 2001-05-15 Saranac Software, Inc. Methods and apparatus for internet based financial transactions with evidence of payment
US20010039535A1 (en) * 2000-02-09 2001-11-08 Tsiounis Yiannis S. Methods and systems for making secure electronic payments

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095074A2 (en) * 2000-06-08 2001-12-13 Curriculum Corporation A method and system for securely displaying and confirming request to perform operation on host
WO2001095074A3 (en) * 2000-06-08 2003-03-20 Curriculum Corp A method and system for securely displaying and confirming request to perform operation on host
US6895502B1 (en) 2000-06-08 2005-05-17 Curriculum Corporation Method and system for securely displaying and confirming request to perform operation on host computer
US9225773B2 (en) 2004-10-27 2015-12-29 Chestnut Hill Sound, Inc. Entertainment system with sourceless selection of networked and non-networked media content
US8090309B2 (en) 2004-10-27 2012-01-03 Chestnut Hill Sound, Inc. Entertainment system with unified content selection
US8195114B2 (en) 2004-10-27 2012-06-05 Chestnut Hill Sound, Inc. Entertainment system with bandless content selection
US8355690B2 (en) 2004-10-27 2013-01-15 Chestnut Hill Sound, Inc. Electrical and mechanical connector adaptor system for media devices
US8725063B2 (en) 2004-10-27 2014-05-13 Chestnut Hill Sound, Inc. Multi-mode media device using metadata to access media content
US8843092B2 (en) 2004-10-27 2014-09-23 Chestnut Hill Sound, Inc. Method and apparatus for accessing media content via metadata
US10114608B2 (en) 2004-10-27 2018-10-30 Chestnut Hill Sound, Inc. Multi-mode media device operable in first and second modes, selectively
US10310801B2 (en) 2004-10-27 2019-06-04 Chestnut Hill Sound, Inc. Media entertainment system with fail-safe alarm modes
US11126397B2 (en) 2004-10-27 2021-09-21 Chestnut Hill Sound, Inc. Music audio control and distribution system in a location
WO2011025425A1 (en) * 2009-08-28 2011-03-03 Bitgrade Systems Ab Security device
CN111865893A (en) * 2020-05-27 2020-10-30 福建亿能达信息技术股份有限公司 Budget expenditure declaration system, equipment and medium based on public and private key encryption

Also Published As

Publication number Publication date
WO2001092982A3 (en) 2002-04-11
AU6263401A (en) 2001-12-11

Similar Documents

Publication Publication Date Title
EP1710980B1 (en) Authentication services using mobile device
EP2143028B1 (en) Secure pin management
RU2645593C2 (en) Verification of portable consumer devices
US8930273B2 (en) System and method for generating a dynamic card value
US8315948B2 (en) Method and device for generating a single-use financial account number
AU2004252925B2 (en) Transaction verification system
JP5050066B2 (en) Portable electronic billing / authentication device and method
US7526652B2 (en) Secure PIN management
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
US20020123972A1 (en) Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet
US20060123465A1 (en) Method and system of authentication on an open network
US20070219926A1 (en) Secure method and system of identity authentication
US20060122931A1 (en) Method and device for generating a single-use financial account number
KR20100054757A (en) Payment transaction processing using out of band authentication
WO2006039364A2 (en) System and method for electronic check verification over a network
US20170103395A1 (en) Authentication systems and methods using human readable media
US20020143708A1 (en) System and method for conducting secure on-line transactions using a credit card
WO2001092982A2 (en) System and method for secure transactions via a communications network
WO2002071177A2 (en) Method and system for substantially secure electronic transactions
US20180183805A1 (en) System and method of authorization of simple, sequential and parallel requests with means of authorization through previously defined parameters
US8818905B2 (en) System and method for encrypting interactive voice response application information
US20030221110A1 (en) Method of disposable command encoding (DCE) for security and anonymity protection in information system operations
JPH11219412A (en) Ic card issuing system
CA2204547A1 (en) A method for providing full end to end secure transactional payment services and electronic fund transfer over any unsecured and unreliable network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP