WO2000077733A2 - Electronic commerce system - Google Patents

Electronic commerce system Download PDF

Info

Publication number
WO2000077733A2
WO2000077733A2 PCT/GB2000/002138 GB0002138W WO0077733A2 WO 2000077733 A2 WO2000077733 A2 WO 2000077733A2 GB 0002138 W GB0002138 W GB 0002138W WO 0077733 A2 WO0077733 A2 WO 0077733A2
Authority
WO
WIPO (PCT)
Prior art keywords
user terminal
internet
site
vendor
action
Prior art date
Application number
PCT/GB2000/002138
Other languages
French (fr)
Other versions
WO2000077733A3 (en
Inventor
John Quentin Phillipps
Original Assignee
John Quentin Phillipps
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by John Quentin Phillipps filed Critical John Quentin Phillipps
Priority to AU52328/00A priority Critical patent/AU762413B2/en
Priority to KR1020017015918A priority patent/KR20020035004A/en
Priority to JP2001503133A priority patent/JP2003502743A/en
Priority to CA002376802A priority patent/CA2376802A1/en
Priority to EP00937032A priority patent/EP1190263A2/en
Priority to MXPA01012714A priority patent/MXPA01012714A/en
Priority to BR0011729-3A priority patent/BR0011729A/en
Publication of WO2000077733A2 publication Critical patent/WO2000077733A2/en
Publication of WO2000077733A3 publication Critical patent/WO2000077733A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1075PIN is checked remotely

Definitions

  • the present invention relates to an electronic commerce system.
  • Internet commerce is a rapidly expanding area. Many goods and services can be ordered via the Internet. To do this, a user typically uses a web browser, such as Netscape Navigator or Microsoft Internet Explorer, to visit a web site of a vendor.
  • the web site will include pages enabling the user to select the goods or services required and a page containing a form by means of which the user can enter their credit or debit card details so that the vendor can receive payment for the ordered goods or services.
  • a disadvantage of this arrangement is that the user must send their credit or debit card details to the vendor via the Internet.
  • the Internet is not a fully secure network and there is the possibility that the credit or debit card details may be intercepted and used in the perpetration of a fraud.
  • an electronic commerce system comprising an Internet connectivity provider site, a financial service provider site for producing transaction IDs, a user terminal programmed with a web browser program, which may be a "microbrowser" in, for example, a AP-enabled phone, and connectable to the Internet connectivity provider site for accessing the Internet, and a World Wide Web vendor site configured for sending a payment card information entry form, e.g. an HTML form, having an action definition, e.g. an action URL, having at least one parameter, associated therewith, wherein the Internet connectivity provider site is configured to intercept messages from the user terminal which include said action definition and substitute at least a payment card number (e.g.
  • payment card numbers are stripped from messages before the messages enter the Internet.
  • the vendor site can still be used by customers, accessing the World Wide Web by means other than the Internet connectivitly provider site, and requires minimal modification from a typical vendor site configuration.
  • World Wide Web shall be taken to include WAP (Wireless Application Protocol) WAE (Wireless Application Environment) origin servers and analogous systems.
  • WAP Wireless Application Protocol
  • WAE Wireless Application Environment
  • a user terminal for a system preferably comprises a computer including user input means, modem means and modem control data for controlling the modem for establishing communication with the Internet connectivity provider site, wherein the modem control data is not modifiable by means of data input using the user input means alone.
  • the user terminal includes read-only storage means storing an machine-specific ID. This ID can be used to confirm the identity of a person sending payment card details from the user terminal.
  • a World Wide Web vendor site for a system according to the present invention is preferably configured to run a process for processing said action definition, said process being capable of:- recognising unsubstituted parameters and recording a transaction in a first manner in response thereto; and recognising substituted parameters, which identify a transaction, and recording the transaction in a second manner in response thereto. More preferably, said process is capable of recognising substituted parameters which indicate a reason (e.g. insufficient credit or incorrectly entered payment card related data) for non-completion of the transaction and sending a page to the user terminal in dependence thereon.
  • a reason e.g. insufficient credit or incorrectly entered payment card related data
  • An Internet connectivity provider site for a system preferably includes:- a database of vendor site IP addresses and associated action definitions; search means for searching the database for the destination IP address in a message from the user terminal; identification means responsive to the search means finding an IP address in the database to identify said action definition in the message; and signalling means for signalling action definition parameters to the financial service provider site in dependence on identification of an action definition by the identification means and receiving a transa ⁇ ion ID or other data not comprising a payment card number therefrom; means for substituting at least a payment card number within the parameter or parameters of said action definition with the transaction ID or other data; and transmission means for sending the modified message to the vendor site.
  • the transmission means is configured to mimic the user terminal when sending said modified message.
  • the Internet connecting provider site may be integrated with the financial service provider site.
  • Figure 1 shows the hardware of first, second and third embodiment of the present invention
  • Figure 2 shows an exemplary credit card details entry HTML form
  • Figure 3 shows the hardware of a fourth embodiment of the present invention
  • first, second and third user terminals i, 2, 3 are connectable via the pstn (public switched telephone network) 4 to a financial service provider site 5.
  • the financial service provider site 5 is connectable via the Internet 6 to first and second Internet vendor sites 7, 8.
  • the number of user terminals 1, 2, 3 is not restricted to three. Similarly, there may be many more Internet vendor sites than the two Internet vendor sites 6, 7 shown.
  • the first user terminal 1 comprises a pad-type computer, such as the Cyrix® WebPADTM, which includes a modem.
  • WindowsCE is used as the operating system for the first user terminal 1.
  • the dial-up networking configuration user interface is disabled so that a user cannot alter the Internet connectivity provider used for Internet access.
  • a web browser program is provided on the first user terminal 1 so that the user can access the World Wide Web using the terminal's modem.
  • the second and third user terminals 2, 3 are of the same construction as the first user terminal 1.
  • the vendor sites 7, 8 comprise web servers.
  • the vendor sites 7, 8 provide HTML forms ( Figure 2) that enable a user to enter their credit card number and expiry date and their address.
  • the financial service provider site 5 comprises a modem bank 10 connected between the pstn 4 and a communication computer 11.
  • the communication computer 11 is also connected to the Internet 6 and to a transaction processor comprising a transaction computer 12 and a database 13.
  • the financial service provider site 5 also comprises a domain name server (DNS) 14.
  • DNS domain name server
  • the financial service provider site 5 is thus configured for the financial service provider to provide Internet connectivity to the user terminals 1, 2, 3. All datagrams to be sent via the Internet 6 from user terminals 1, 2, 3 pass through the communication computer 11.
  • the communication computer 11 contains a database of registered vendor sites 7, 8 including their IP addresses and the "action" URL of the vendor's credit card details form.
  • the making of a purchase by the user of user terminal 1 from the first Internet vendor site 7 will now be described. It will be appreciated that the method is effected by a conventional web browser running on the first user terminal 1 and custom programs running on the communication computer 11, the transaction computer 12 and the web server at the first vendor site 7.
  • the user of the first user terminal 1 switches on the first user teminal 1 and runs the web browser program. This causes the first user terminal 1 to dial up the financial service provider site 5 and log on as with any Internet connectivity provider providing dial-up Internet access.
  • the web browser will submit an initial URL, e.g. for a search engine such as Yahoo or Alta Vista, or the home page of the financial service provider.
  • a name resolver process running on the first user terminal sends the server part of the URL to the DNS 14 and receives back the IP address of that server.
  • the URL is then sent from the first user terminal 1 in a message to the returned IP address.
  • the datagrams from the first user terminal are received by the communication machine 11.
  • the communication machine 11 reads the destination IP address in the header of the first datagram or a message and looks it up in its database of registered vendor sites. Since, in this case, the IP address is not for a registered vendor site, the first datagram is forwarded immediately to the Internet 6 and the subsequent datagrams of the message are forwarded as soon as possible to the Internet 6. In this case the communication computer 111 now operates merely as a router for subsequent datagrams of the message.
  • the destination server responds to the URL in the message from the first user terminal 1 by replying with a message containing HTML code for a page.
  • the datagrams of this message are routed by the Internet 6 to the communication computer 11 which then routes then via the modem bank 10 along the pstn connection to the first user terminal 1.
  • the web browser running on the first user terminal 1, then displays the page defined by the HTML in the reply message.
  • the system operates in this manner until, the first user terminal 1 sends a URL addressed to, for example, the first vendor site 7 which, for example, identifies the vendor's home page.
  • the communication computer 11 finds the destintion IP address in the first datagram of the message containing the URL in its database.
  • the communication machine 11 analyses the message to determine whether it contains the "action" URL of the destination vendor's credit card details form as contained in its database. Since, the URL is for the vendor's home page, the datagrams are now forwarded unmodified to the first vendor site 7 via the Internet 7.
  • the communication computer 11 At the TCP level, once the communication computer 11 has identified that a datagram from the first user terminal 1 is addressed to the first vendor site 7, it must respond to the first user terminal 1 as if it were the first vendor site 7 for connection set up, data transfer and connection termination. Also, when the communication computer 11 forwards the cached message to the first vendor site 7, it must mimic the first user terminal 1 so that the response to the sent URL is correctly addressed to the first user terminal 1 and lost or corrupted datagrams are retransmitted.
  • the user of the first user terminal 1 has decided to make a purchase and has received the first vendor's credit card details form.
  • the user fills in the form and clicks on the SUBMIT button (see Figure 2).
  • This causes the form's action URL to be submitted.
  • the message containing the action URL is intercepted by the communication machine 11 as described above.
  • the communication computer 11 now determines that the action URL is present.
  • the communication computer 11 sends the action URL to the transaction computer 12.
  • the transaction computer 12 compares the data in the action URL with card holder details in the database 13. If the data is incorrect, e.g. the address is not that of the card holder, the transaction computer 12 sends back the message "invalid" to the communication computer 11.
  • the reconstucted action URL is then sent to the first vendor site 7 with the communication computer 11 mimicking the first user terminal 1.
  • the action URL-handling process of the first vendor site 7 validates and logs the transaction ID for later confirmation of the transaction with the credit card company and sends a confirmation HTML page to the first user terminal 1.
  • Logged transaction IDs are send by a secure means, e.g. a direct pstn connection, to the credit card company together with the amount to be charged.
  • the credit card company compares the transaction ID with the records in the database 13 before authorising the transfer of funds to the first vendor.
  • the action URL produced by the credit card form ( Figure 2) includes the value of the transaction.
  • This information is sent by the communication computer 11 to the transaction computer 12 with the credit card number and card holder details.
  • the transaction computer 12 determines by reference to the database 13 whether the user has sufficient credit for the transaction. If the user does not have sufficient credit for the transaction, the transaction computer 12 sends the message "insufficient credit" to the communication computer 11.
  • the reconstucted action URL is then sent to the first vendor site 7 with the communication computer 11 mimicking the first user terminal 1.
  • the user terminals 1, 2, 3 are provided with unique IDs, e.g. chip-specific IDs for their processors.
  • the operation of the communication computer 11 is modified so that on receipt of an action URL for a registerer vendor site 6, 7, it sends a message to the user terminal 1, 2, 3 requesting the ID.
  • a process running on the user terminal 1, 2, 3 responds to this message by sending the ID back to the communication computer 11. If the ID is not received by the communication machine within a predetermined time the connection to the user terminal 1, 2, 3 is dropped as it is assumed that the user terminal 1, 2, 3 is not an authorised terminal.
  • an ID is received, it is passed to the transaction computer 12 with the data from the action URL.
  • the transaction computer 12 tries to match the ID with the credit card number. If there is a match, the process proceeds as in the first embodiment. However, if there is not a match, the transaction computer 12 sends the message "imposter" to the communication computer 11 which responds by dropping the connection to the user terminal 1, 2, 3.
  • caller line identification can be used to identify the telephone line used to dial into the financial service provider site 5. This number can then be passed to a law-enforcement agency with a report of an attempted credit card fraud.
  • first, second and third user terminals 101, 102, 103 are connectable via the pstn (public switched telephone network) 104 to an Internet connectivity provider site 109.
  • a financial service provider site 105 is connected to the Internet connectivity provider site 109 by a leased line 115.
  • Internet connectivity provider site 109 is connectable via the Internet 106 to first and second Internet vendor sites 107, 108.
  • the number of user terminals 101, 102, 103 is not restricted to three. Similarly, there may be many more Internet vendor sites than the two Internet vendor sites 106, 107 shown.
  • the first user terminal 101 comprises a pad-type computer, such as the Cyrix®
  • WebPADTM which includes a modem.
  • WindowsCE is used as the operating system for the first user terminal 101.
  • the dial-up networking configuration user interface is disabled so that a user cannot alter the Internet connectivity provider used for Internet access.
  • a web browser program is provided on the first user terminal 101 so that the user can access the World Wide Web using the terminal's modem.
  • the second and third user terminals 102, 103 are of the same construction as the first user terminal 101.
  • the vendor sites 107, 108 comprise web servers.
  • the vendor sites 107, 108 provide HTML forms ( Figure 2) that enable a user to enter their credit card number and expiry date and their address.
  • the Internet connectivity provider site 109 comprises a modem bank 110 connected between the pstn 104 and a communication computer 111.
  • the communication computer 111 is also connected to the Internet 106.
  • the Internet connectivity provider site 109 also comprises a domain name server (DNS) 114.
  • DNS domain name server
  • the financial service provider site 105 comprises a transaction computer 112 and a database 113.
  • the transaction computer 112 is connected to the communication computer 111 by the leased line 115.
  • the communication computer 111 contains a database of registered vendor sites 107, 108 including their IP addresses and the "action" URL of the vendor's credit card details form.
  • the making of a purchase by the user of user terminal 101 from the first Internet vendor site 107 will now be described. It will be appreciated that the method is effected by a conventional web browser running on the first user terminal 101 and custom programs running on the communication computer 111, the transaction computer 112 and the web server at the first vendor site 107.
  • the user of the first user terminal 101 switches on the first user teminal 101 and runs the web browser program. This causes the first user terminal 101 to dial up the Internet connectivity provider site 109 and log on as with any Internet connectivity provider providing dial-up Internet access.
  • the web browser will submit an initial URL, e.g. for a search engine such as Yahoo or Aha Vista, or the home page of the Internet connectivity service provider.
  • a name resolver process running on the first user terminal sends the server part of the URL to the DNS 114 and receives back the IP address of that server.
  • the URL is then sent from the first user terminal 101 in a message to the returned IP address.
  • the datagrams from the first user terminal 101 are received by the communication machine 111.
  • the communication machine 111 reads the destination IP address in the header of the first datagram and looks it up in its database of registered vendor sites. Since, in this case, the IP address is not for a registered vendor site 107, 108, the first datagram is forwarded immediately to the Internet 106 and the subsequent datagrams of the message are also immediately forwarded to the Internet 106. In this case the communication computer 111 now operates merely as a router for subsequent datagrams of the message.
  • the destination server responds to the URL in the message from the first user terminal 101 by replying with a message containing HTML code for a page.
  • the datagrams of this message are routed by the Internet 106 to the communication computer 111 which then routes then via the modem bank 110 along the pstn connection to the first user terminal 101.
  • the web browser running on the first user terminal 101, then displays the page defined by the HTML in the reply message.
  • the system operates in this manner until, the first user terminal 101 sends a URL addressed to the first vendor site 107 which, for example, identifies the vendor's home page.
  • the communication computer 11 finds the destintion IP address in the first datagram of the message containing the URL in its database.
  • the communication computer 111 caches the datagrams until the whole message has been received.
  • the communication machine 111 analyses the message to determine whether it contains the "action" URL of the destination vendor's credit card details form as contained in its database. Since, the URL is for the vendor's home page, the datagrams are now forwarded unmodified to the first vendor site 107 via the Internet 106.
  • the communication computer 111 At the TCP level, once the communication computer 111 has identified that a datagram from the first user terminal 101 is addressed to the first vendor site 107, it must respond to the first user terminal 101 as if it were the first vendor site 107 for connection set up, data transfer and connection termination. Also, when the communication computer 111 forwards the cached message to the first vendor site 107, it must mimic the first user terminal 101 so that the response to the sent URL is correctly addressed to the first user terminal 101 and lost or corrupted datagrams are retransmitted.
  • the communication computer 111 now determines that the action URL is present.
  • the communication computer 111 On determining that the action URL is present, the communication computer 111 sends the action URL to the transaction computer 112.
  • the transaction computer 112 compares the data in the action URL with card holder details in the database 113. If the data is incorrect, e.g. the address is not that of the card holder, the transaction computer 112 sends back the message "invalid" to the communication computer 111.
  • the reconstucted action URL is then sent to the first vendor site 107 with the communication computer 111 mimicking the first user terminal 101.
  • the transaction computer 112 If the data in the action URL is correct, the transaction computer 112 generates a unique transaction ID, which it stores in the database 113 against the card holder's account, and sends the transaction ID to the communication computer 111.
  • the reconstucted action URL is then sent to the first vendor site 107 with the communication computer 111 mimicking the first user terminal 101.
  • the action URL-handling process of the first vendor site 107 validates and logs the transaction ID for later confirmation of the transaction with the credit card company and sends a confirmation HTML page to the first user terminal 101.
  • Logged transaction IDs are send by a secure means, e.g. a direct pstn connection, to the credit card company together with the amount to be charged.
  • the credit card company compares the transaction ID with the records in the database 113 before authorising the transfer of funds to the first vendor.
  • a user cannot change the dial-up networking setup of their user terminal 1, 2, 3.
  • changing circumstances may make a change necessary, e.g. changes in the telephone number to be dialled.
  • These changes can be made by means of a JAVATM or ActiveX applet associated with a web page provided by the Internet connectivity providing entity.
  • the operation of the communication computer 11, 111 in any of the foregoing embodiments may be modified so that all messages from the user terminals 1, 2, 3, 101, 102, 103 are cached.
  • the communication computer 11, 111 can then analyse the content of the messages to determine whether is comprises an action URL of a credit card details form of an unregistered "vendor". These messages can then be blocked to avoid credit card details being sent to bogus vendors.
  • connection between the user terminals 1, 2, 3, 101, 102, 103 and the communication computer 11, 111 may be, but not exclusively so, via a telephone circuit, on ISDN connection or a leased line.

Abstract

A system for electronic commerce avoids the transmission of credit card numbers across the Internet (6). Internet vendor sites (7, 8) are registered with an ISP (5). Consequently, action URLs from credit card details forms for the vendor sites (7, 8) can be intercepted by the ISP (5). These action URLs are then modified to include a transaction ID code in place of the credit card details and sent to the relevant vendor site (7, 8) with the ISP (5) mimicking the user (1, 2, 3). The ISP (5) may be a financial service provider or have a secure communication link to a financial service provider.

Description

Electronic Commerce System
Field of the Invention
The present invention relates to an electronic commerce system.
Background to the Invention
Internet commerce is a rapidly expanding area. Many goods and services can be ordered via the Internet. To do this, a user typically uses a web browser, such as Netscape Navigator or Microsoft Internet Explorer, to visit a web site of a vendor. The web site will include pages enabling the user to select the goods or services required and a page containing a form by means of which the user can enter their credit or debit card details so that the vendor can receive payment for the ordered goods or services.
A disadvantage of this arrangement is that the user must send their credit or debit card details to the vendor via the Internet. The Internet is not a fully secure network and there is the possibility that the credit or debit card details may be intercepted and used in the perpetration of a fraud.
Summary of the Invention
It is an aim of the present invention to provide for Internet commerce whilst avoiding the transmission of credit or debit card details via the Internet itself.
According to the present invention, there is provided an electronic commerce system comprising an Internet connectivity provider site, a financial service provider site for producing transaction IDs, a user terminal programmed with a web browser program, which may be a "microbrowser" in, for example, a AP-enabled phone, and connectable to the Internet connectivity provider site for accessing the Internet, and a World Wide Web vendor site configured for sending a payment card information entry form, e.g. an HTML form, having an action definition, e.g. an action URL, having at least one parameter, associated therewith, wherein the Internet connectivity provider site is configured to intercept messages from the user terminal which include said action definition and substitute at least a payment card number (e.g. credit card or debit card number) within the parameter or parameters of said action definition with a transaction ID produced by the financial service provider site. It should be noted that since the Internet connectivity provider site is providing connectivity to the Internet for the user terminal, the user terminal will not therefore be communicating with the Internet connectivity provider site via the Internet.
Thus in a system according to the present invention, payment card numbers are stripped from messages before the messages enter the Internet. Furthermore, the vendor site can still be used by customers, accessing the World Wide Web by means other than the Internet connectivitly provider site, and requires minimal modification from a typical vendor site configuration.
The term "World Wide Web" shall be taken to include WAP (Wireless Application Protocol) WAE (Wireless Application Environment) origin servers and analogous systems.
A user terminal for a system according to the present invention preferably comprises a computer including user input means, modem means and modem control data for controlling the modem for establishing communication with the Internet connectivity provider site, wherein the modem control data is not modifiable by means of data input using the user input means alone. More preferably, the user terminal includes read-only storage means storing an machine-specific ID. This ID can be used to confirm the identity of a person sending payment card details from the user terminal.
A World Wide Web vendor site for a system according to the present invention is preferably configured to run a process for processing said action definition, said process being capable of:- recognising unsubstituted parameters and recording a transaction in a first manner in response thereto; and recognising substituted parameters, which identify a transaction, and recording the transaction in a second manner in response thereto. More preferably, said process is capable of recognising substituted parameters which indicate a reason (e.g. insufficient credit or incorrectly entered payment card related data) for non-completion of the transaction and sending a page to the user terminal in dependence thereon.
An Internet connectivity provider site for a system according to the present invention preferably includes:- a database of vendor site IP addresses and associated action definitions; search means for searching the database for the destination IP address in a message from the user terminal; identification means responsive to the search means finding an IP address in the database to identify said action definition in the message; and signalling means for signalling action definition parameters to the financial service provider site in dependence on identification of an action definition by the identification means and receiving a transaαion ID or other data not comprising a payment card number therefrom; means for substituting at least a payment card number within the parameter or parameters of said action definition with the transaction ID or other data; and transmission means for sending the modified message to the vendor site.
Preferably, the transmission means is configured to mimic the user terminal when sending said modified message.
The Internet connecting provider site may be integrated with the financial service provider site.
Brief Description of the Drawings
Figure 1 shows the hardware of first, second and third embodiment of the present invention; Figure 2 shows an exemplary credit card details entry HTML form; and
Figure 3 shows the hardware of a fourth embodiment of the present invention;
Detailed Description of Preferred Embodiment Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings.
Referring to Figure 1, first, second and third user terminals i, 2, 3 are connectable via the pstn (public switched telephone network) 4 to a financial service provider site 5. The financial service provider site 5 is connectable via the Internet 6 to first and second Internet vendor sites 7, 8. The number of user terminals 1, 2, 3 is not restricted to three. Similarly, there may be many more Internet vendor sites than the two Internet vendor sites 6, 7 shown.
The first user terminal 1 comprises a pad-type computer, such as the Cyrix® WebPAD™, which includes a modem. WindowsCE is used as the operating system for the first user terminal 1. However, the dial-up networking configuration user interface is disabled so that a user cannot alter the Internet connectivity provider used for Internet access. A web browser program is provided on the first user terminal 1 so that the user can access the World Wide Web using the terminal's modem.
The second and third user terminals 2, 3 are of the same construction as the first user terminal 1.
The vendor sites 7, 8 comprise web servers. The vendor sites 7, 8 provide HTML forms (Figure 2) that enable a user to enter their credit card number and expiry date and their address.
The financial service provider site 5 comprises a modem bank 10 connected between the pstn 4 and a communication computer 11. The communication computer 11 is also connected to the Internet 6 and to a transaction processor comprising a transaction computer 12 and a database 13. The financial service provider site 5 also comprises a domain name server (DNS) 14. The financial service provider site 5 is thus configured for the financial service provider to provide Internet connectivity to the user terminals 1, 2, 3. All datagrams to be sent via the Internet 6 from user terminals 1, 2, 3 pass through the communication computer 11. The communication computer 11 contains a database of registered vendor sites 7, 8 including their IP addresses and the "action" URL of the vendor's credit card details form.
The making of a purchase by the user of user terminal 1 from the first Internet vendor site 7 will now be described. It will be appreciated that the method is effected by a conventional web browser running on the first user terminal 1 and custom programs running on the communication computer 11, the transaction computer 12 and the web server at the first vendor site 7.
The user of the first user terminal 1 switches on the first user teminal 1 and runs the web browser program. This causes the first user terminal 1 to dial up the financial service provider site 5 and log on as with any Internet connectivity provider providing dial-up Internet access. The web browser will submit an initial URL, e.g. for a search engine such as Yahoo or Alta Vista, or the home page of the financial service provider.
A name resolver process running on the first user terminal sends the server part of the URL to the DNS 14 and receives back the IP address of that server. The URL is then sent from the first user terminal 1 in a message to the returned IP address.
The datagrams from the first user terminal are received by the communication machine 11. The communication machine 11 reads the destination IP address in the header of the first datagram or a message and looks it up in its database of registered vendor sites. Since, in this case, the IP address is not for a registered vendor site, the first datagram is forwarded immediately to the Internet 6 and the subsequent datagrams of the message are forwarded as soon as possible to the Internet 6. In this case the communication computer 111 now operates merely as a router for subsequent datagrams of the message.
The destination server responds to the URL in the message from the first user terminal 1 by replying with a message containing HTML code for a page. The datagrams of this message are routed by the Internet 6 to the communication computer 11 which then routes then via the modem bank 10 along the pstn connection to the first user terminal 1. The web browser, running on the first user terminal 1, then displays the page defined by the HTML in the reply message.
The system operates in this manner until, the first user terminal 1 sends a URL addressed to, for example, the first vendor site 7 which, for example, identifies the vendor's home page. In this case, the communication computer 11 finds the destintion IP address in the first datagram of the message containing the URL in its database. Thus, rather than immediately forwarding the datagrams of the message, the communication computer 11 caches the datagrams until the whole message has been received. When the whole message has been received, the communication machine 11 analyses the message to determine whether it contains the "action" URL of the destination vendor's credit card details form as contained in its database. Since, the URL is for the vendor's home page, the datagrams are now forwarded unmodified to the first vendor site 7 via the Internet 7.
At the TCP level, once the communication computer 11 has identified that a datagram from the first user terminal 1 is addressed to the first vendor site 7, it must respond to the first user terminal 1 as if it were the first vendor site 7 for connection set up, data transfer and connection termination. Also, when the communication computer 11 forwards the cached message to the first vendor site 7, it must mimic the first user terminal 1 so that the response to the sent URL is correctly addressed to the first user terminal 1 and lost or corrupted datagrams are retransmitted.
It will now be assumed that the user of the first user terminal 1 has decided to make a purchase and has received the first vendor's credit card details form. The user fills in the form and clicks on the SUBMIT button (see Figure 2). This causes the form's action URL to be submitted. The message containing the action URL is intercepted by the communication machine 11 as described above. However, the communication computer 11 now determines that the action URL is present. On determining that the action URL is present, the communication computer 11 sends the action URL to the transaction computer 12. The transaction computer 12 compares the data in the action URL with card holder details in the database 13. If the data is incorrect, e.g. the address is not that of the card holder, the transaction computer 12 sends back the message "invalid" to the communication computer 11. The communication computer 11 then strips the data from the action URL and replaced it with the name-value pair " details = invalid". The reconstucted action URL is then sent to the first vendor site 7 with the communication computer 11 mimicking the first user terminal 1.
It will be appreciated that a standard action URL used by all vendors would simplify the extraction of the card and user details from the action URL.
The process at the first vendor site 7, which handles the action URL, identifies the "details= invalid" name-value pair and sends an error warning HTML page to the first user terminal 1. This page is then displayed by the web browser running on the first user terminal 1.
If the data in the action URL is correct, the transaction computer 12 generates a unique transaction ID, which it stores in the database 13 against the card holder's account, and sends the transaction ID to the communication computer 11. The communication computer 11 then strips the data from the action URL and replaced it with the name-value pair "ID=nnnnnnnn" where n is a character of the transaction ID. The reconstucted action URL is then sent to the first vendor site 7 with the communication computer 11 mimicking the first user terminal 1.
On receiving the modified action URL, the action URL-handling process of the first vendor site 7 validates and logs the transaction ID for later confirmation of the transaction with the credit card company and sends a confirmation HTML page to the first user terminal 1.
Logged transaction IDs are send by a secure means, e.g. a direct pstn connection, to the credit card company together with the amount to be charged. The credit card company then compares the transaction ID with the records in the database 13 before authorising the transfer of funds to the first vendor.
In a second embodiment having the hardware configuration shown in Figure 1, the action URL produced by the credit card form (Figure 2) includes the value of the transaction. This information is sent by the communication computer 11 to the transaction computer 12 with the credit card number and card holder details. The transaction computer 12 then determines by reference to the database 13 whether the user has sufficient credit for the transaction. If the user does not have sufficient credit for the transaction, the transaction computer 12 sends the message "insufficient credit" to the communication computer 11. The communication computer 11 then strips the data from the action URL and replaced it with the name-value pair "details = insufficient credit". The reconstucted action URL is then sent to the first vendor site 7 with the communication computer 11 mimicking the first user terminal 1.
The process at the first vendor site 7, which handles the action URL, identifies the "details=insufficient credit" name-value pair and sends an error warning HTML page to the first user terminal 1. This page is then displayed by the web browser running on the first user terminal 1.
In a third embodiment having the hardware configuration shown in Figure 1, the user terminals 1, 2, 3 are provided with unique IDs, e.g. chip-specific IDs for their processors. In this case, the operation of the communication computer 11 is modified so that on receipt of an action URL for a registerer vendor site 6, 7, it sends a message to the user terminal 1, 2, 3 requesting the ID. A process running on the user terminal 1, 2, 3 responds to this message by sending the ID back to the communication computer 11. If the ID is not received by the communication machine within a predetermined time the connection to the user terminal 1, 2, 3 is dropped as it is assumed that the user terminal 1, 2, 3 is not an authorised terminal.
If an ID is received, it is passed to the transaction computer 12 with the data from the action URL. The transaction computer 12 tries to match the ID with the credit card number. If there is a match, the process proceeds as in the first embodiment. However, if there is not a match, the transaction computer 12 sends the message "imposter" to the communication computer 11 which responds by dropping the connection to the user terminal 1, 2, 3.
In either exception condition, caller line identification (CLI) can be used to identify the telephone line used to dial into the financial service provider site 5. This number can then be passed to a law-enforcement agency with a report of an attempted credit card fraud.
Referring to Figure 3, first, second and third user terminals 101, 102, 103 are connectable via the pstn (public switched telephone network) 104 to an Internet connectivity provider site 109. A financial service provider site 105 is connected to the Internet connectivity provider site 109 by a leased line 115. Internet connectivity provider site 109 is connectable via the Internet 106 to first and second Internet vendor sites 107, 108. The number of user terminals 101, 102, 103 is not restricted to three. Similarly, there may be many more Internet vendor sites than the two Internet vendor sites 106, 107 shown.
The first user terminal 101 comprises a pad-type computer, such as the Cyrix®
WebPAD™, which includes a modem. WindowsCE is used as the operating system for the first user terminal 101. However, the dial-up networking configuration user interface is disabled so that a user cannot alter the Internet connectivity provider used for Internet access. A web browser program is provided on the first user terminal 101 so that the user can access the World Wide Web using the terminal's modem.
The second and third user terminals 102, 103 are of the same construction as the first user terminal 101.
The vendor sites 107, 108 comprise web servers. The vendor sites 107, 108 provide HTML forms (Figure 2) that enable a user to enter their credit card number and expiry date and their address. The Internet connectivity provider site 109 comprises a modem bank 110 connected between the pstn 104 and a communication computer 111. The communication computer 111 is also connected to the Internet 106. The Internet connectivity provider site 109 also comprises a domain name server (DNS) 114.
The financial service provider site 105 comprises a transaction computer 112 and a database 113. The transaction computer 112 is connected to the communication computer 111 by the leased line 115.
All datagrams to be sent via the Internet 106 from user terminals 101, 102, 103 pass through the communication computer 111. The communication computer 111 contains a database of registered vendor sites 107, 108 including their IP addresses and the "action" URL of the vendor's credit card details form.
The making of a purchase by the user of user terminal 101 from the first Internet vendor site 107 will now be described. It will be appreciated that the method is effected by a conventional web browser running on the first user terminal 101 and custom programs running on the communication computer 111, the transaction computer 112 and the web server at the first vendor site 107.
The user of the first user terminal 101 switches on the first user teminal 101 and runs the web browser program. This causes the first user terminal 101 to dial up the Internet connectivity provider site 109 and log on as with any Internet connectivity provider providing dial-up Internet access. The web browser will submit an initial URL, e.g. for a search engine such as Yahoo or Aha Vista, or the home page of the Internet connectivity service provider.
A name resolver process running on the first user terminal sends the server part of the URL to the DNS 114 and receives back the IP address of that server. The URL is then sent from the first user terminal 101 in a message to the returned IP address. The datagrams from the first user terminal 101 are received by the communication machine 111. The communication machine 111 reads the destination IP address in the header of the first datagram and looks it up in its database of registered vendor sites. Since, in this case, the IP address is not for a registered vendor site 107, 108, the first datagram is forwarded immediately to the Internet 106 and the subsequent datagrams of the message are also immediately forwarded to the Internet 106. In this case the communication computer 111 now operates merely as a router for subsequent datagrams of the message.
The destination server responds to the URL in the message from the first user terminal 101 by replying with a message containing HTML code for a page. The datagrams of this message are routed by the Internet 106 to the communication computer 111 which then routes then via the modem bank 110 along the pstn connection to the first user terminal 101. The web browser, running on the first user terminal 101, then displays the page defined by the HTML in the reply message.
The system operates in this manner until, the first user terminal 101 sends a URL addressed to the first vendor site 107 which, for example, identifies the vendor's home page. In this case, the communication computer 11 finds the destintion IP address in the first datagram of the message containing the URL in its database. Thus rather than immediately forwarding the datagrams of the message, the communication computer 111 caches the datagrams until the whole message has been received. When the whole message has been received, the communication machine 111 analyses the message to determine whether it contains the "action" URL of the destination vendor's credit card details form as contained in its database. Since, the URL is for the vendor's home page, the datagrams are now forwarded unmodified to the first vendor site 107 via the Internet 106.
At the TCP level, once the communication computer 111 has identified that a datagram from the first user terminal 101 is addressed to the first vendor site 107, it must respond to the first user terminal 101 as if it were the first vendor site 107 for connection set up, data transfer and connection termination. Also, when the communication computer 111 forwards the cached message to the first vendor site 107, it must mimic the first user terminal 101 so that the response to the sent URL is correctly addressed to the first user terminal 101 and lost or corrupted datagrams are retransmitted.
It will now be assumed that the user of the first user terminal 101 has decided to make a purchase and has received the first vendor's credit card details form (Figure 2). The user fills in the form and clicks on the SUBMIT button (Figure 2). This causes the form's action URL to be submitted. The message containing the action URL is intercepted by the communication machine 111 as described above.
However, the communication computer 111 now determines that the action URL is present.
On determining that the action URL is present, the communication computer 111 sends the action URL to the transaction computer 112. The transaction computer 112 compares the data in the action URL with card holder details in the database 113. If the data is incorrect, e.g. the address is not that of the card holder, the transaction computer 112 sends back the message "invalid" to the communication computer 111. The communication computer 111 then strips the data from the action URL and replaced it with the name-value pair "details=invalid". The reconstucted action URL is then sent to the first vendor site 107 with the communication computer 111 mimicking the first user terminal 101.
The process at the first vendor site 107, which handles the action URL, identifies the "details= invalid" name-value pair and sends an error warning HTML page to the first user terminal 101. This page is then displayed by the web browser running on the first user terminal 101.
If the data in the action URL is correct, the transaction computer 112 generates a unique transaction ID, which it stores in the database 113 against the card holder's account, and sends the transaction ID to the communication computer 111. The communication computer 111 then strips the data from the action URL and replaced it with the name-value pair "ID=nnnnnnnn" where n is a character of the transaction ID. The reconstucted action URL is then sent to the first vendor site 107 with the communication computer 111 mimicking the first user terminal 101.
On receiving the modified action URL, the action URL-handling process of the first vendor site 107 validates and logs the transaction ID for later confirmation of the transaction with the credit card company and sends a confirmation HTML page to the first user terminal 101.
Logged transaction IDs are send by a secure means, e.g. a direct pstn connection, to the credit card company together with the amount to be charged. The credit card company then compares the transaction ID with the records in the database 113 before authorising the transfer of funds to the first vendor.
In each of the foregoing embodiments, a user cannot change the dial-up networking setup of their user terminal 1, 2, 3. However, changing circumstances may make a change necessary, e.g. changes in the telephone number to be dialled. These changes can be made by means of a JAVA™ or ActiveX applet associated with a web page provided by the Internet connectivity providing entity.
The operation of the communication computer 11, 111 in any of the foregoing embodiments may be modified so that all messages from the user terminals 1, 2, 3, 101, 102, 103 are cached. The communication computer 11, 111 can then analyse the content of the messages to determine whether is comprises an action URL of a credit card details form of an unregistered "vendor". These messages can then be blocked to avoid credit card details being sent to bogus vendors.
The connection between the user terminals 1, 2, 3, 101, 102, 103 and the communication computer 11, 111 may be, but not exclusively so, via a telephone circuit, on ISDN connection or a leased line.
It will be appreciated that may modifications can be made to the above-described embodiments to provide security beyond that obtained by avoiding the transmssion of credit card details over the Internet. The present invention has been explained with reference to a system employing HTML. However, it will be appreciated that with the development of XML, other mark up languages, e.g. WML, may be developed that are useable in embodiments of the present invention.

Claims

Claims
1. An electronic commerce system comprising:- an Internet coimectivity provider site; a financial service provider site for producing transaction IDs; a user terminal programmed with a web browser program and connectable to the Internet connectivity provider site for accessing the Internet; and a World Wide Web vendor site configured for sending a payment card information entry form having an action definition, having at least one parameter, associated therewith, wherein the Internet connectivity provider site is configured to intercept messages from the user terminal which include said action definition and substitute at least a payment card number within the parameter or parameters of said action definition with a transaction ID produced by the financial service provider site.
2. A system according to claim 1, wherein said entry form is an HTML form and said action definition comprises an action URL defined in the HTML code for said form.
3. A user terminal for a system according to claim 1 or 2, comprising a computer including user input means, modem means and modem control data for controlling the modem for establishing communication with the Internet connectivity provider site, wherein the modem control data is not modifiable by means of data input using the user input means alone.
4. A user terminal according to claim 3, including read-only storage means storing a machine-specific ID.
5. A World Wide Web vendor site for a system according to claim 1 or 2, configured to run a process for processing said action definition, said process being capable of:- recognising unsubstituted parameters and recording a transaαion in a first manner in response thereto; and recognising substituted parameters, which identify a transaαion, and recording the transaαion in a second manner in response thereto.
6. A World Wide Web vendor site according to claim 5, wherein said process is capable of recognising substituted parameters which indicate a reason for non-completion of the transaαion and sending an page to the user terminal in dependence thereon.
7. A World Wide Web vendor site according to claim 5, wherein said reason is insufficient credit or incorreαly entered payment card related data.
8. An Internet conneαivity provider site for a system according to claim 1 or 2, including:- a database of vendor site IP addresses and associated aαion definitions; search means for searching the database for the destination IP address in a message from the user terminal; identification means responsive to the search means finding an IP address in the database to identify said aαion definition in the message; and signalling means for signalling aαion definition parameters to the financial service provider site in dependence on identification of an aαion definition by the identification means and receiving a transaαion ID or other data not comprising a payment card number therefrom; means for substituting at least a payment card number within the parameter or parameters of said aαion definition with the transaαion ID or other data; and transmission means for sending the modified message to the vendor site.
9. An Internet conneαivity provider site according to claim 8, wherein the transmission means is configured to mimic the user terminal when sending said modified message.
PCT/GB2000/002138 1999-06-10 2000-06-02 Electronic commerce system WO2000077733A2 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
AU52328/00A AU762413B2 (en) 1999-06-10 2000-06-02 Electronic commerce system
KR1020017015918A KR20020035004A (en) 1999-06-10 2000-06-02 Electronic commerce system
JP2001503133A JP2003502743A (en) 1999-06-10 2000-06-02 E-commerce system
CA002376802A CA2376802A1 (en) 1999-06-10 2000-06-02 Electronic commerce system
EP00937032A EP1190263A2 (en) 1999-06-10 2000-06-02 Electronic commerce system
MXPA01012714A MXPA01012714A (en) 1999-06-10 2000-06-02 Electronic commerce system.
BR0011729-3A BR0011729A (en) 1999-06-10 2000-06-02 Ecommerce System

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9913530A GB2350982B (en) 1999-06-10 1999-06-10 Electronic commerce system
GB9913530.3 1999-06-10

Publications (2)

Publication Number Publication Date
WO2000077733A2 true WO2000077733A2 (en) 2000-12-21
WO2000077733A3 WO2000077733A3 (en) 2001-11-15

Family

ID=10855109

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2000/002138 WO2000077733A2 (en) 1999-06-10 2000-06-02 Electronic commerce system

Country Status (10)

Country Link
EP (1) EP1190263A2 (en)
JP (1) JP2003502743A (en)
KR (1) KR20020035004A (en)
CN (1) CN1354861A (en)
AU (1) AU762413B2 (en)
BR (1) BR0011729A (en)
CA (1) CA2376802A1 (en)
GB (1) GB2350982B (en)
MX (1) MXPA01012714A (en)
WO (1) WO2000077733A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002097685A1 (en) * 2001-05-31 2002-12-05 Portalify Oy Methods and systems in a data communication network for delivering and charging for services
WO2003036529A1 (en) * 2001-10-22 2003-05-01 Portalify Oy Method and telecommunication network for delivering and charging for services
FR2862170A1 (en) * 2003-11-06 2005-05-13 France Telecom Confidential data transfer process for Internet network, involves executing encryption of data maintained at access provider and relative to user and inserting encrypted data in information service request to be sent to information provider
WO2012141495A3 (en) * 2011-04-11 2013-01-10 Samsung Electronics Co., Ltd. Apparatus and method for providing a transaction service

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1305750A1 (en) * 2000-05-25 2003-05-02 Wilson How Kiap Gueh Transaction system and method
GB2370475A (en) * 2000-12-22 2002-06-26 Hewlett Packard Co Secure online transaction where a buyer sends some information direct to a bank and some via a vendor
WO2002058017A1 (en) * 2001-01-19 2002-07-25 Haissam Malas Global payment method, and payment system and payment card used therewith
GB2372616A (en) 2001-02-23 2002-08-28 Hewlett Packard Co Transaction method and apparatus using two part tokens
FR2843216B1 (en) * 2002-07-30 2004-11-19 France Telecom REMOTE PAYMENT METHOD, SYSTEM AND GATEWAY FOR IMPLEMENTING THE SAME, USE OF THE SAME
US20060047662A1 (en) * 2004-08-31 2006-03-02 Rajkishore Barik Capability support for web transactions

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0637548A1 (en) 1993-08-06 1995-02-08 Kaysersberg Packaging S.A. Packing case in the form of a display

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2059078C (en) * 1991-02-27 1995-10-03 Alexander G. Fraser Mediation of transactions by a communications system
CA2100134C (en) * 1992-09-29 1999-06-22 Raymond Otto Colbert Secure credit/debit card authorization
US5826241A (en) * 1994-09-16 1998-10-20 First Virtual Holdings Incorporated Computerized system for making payments and authenticating transactions over the internet
US6252869B1 (en) * 1995-12-29 2001-06-26 At&T Corp. Data network security system and method
US5815665A (en) * 1996-04-03 1998-09-29 Microsoft Corporation System and method for providing trusted brokering services over a distributed network
US5778173A (en) * 1996-06-12 1998-07-07 At&T Corp. Mechanism for enabling secure electronic transactions on the open internet
EP0887776A1 (en) * 1997-06-23 1998-12-30 Rainer Grunert Transaction unit / method for payment administration on Internet and/or similar public client-server systems
WO2000075843A1 (en) * 1999-06-09 2000-12-14 Intelishield.Com, Inc. Internet payment system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0637548A1 (en) 1993-08-06 1995-02-08 Kaysersberg Packaging S.A. Packing case in the form of a display

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002097685A1 (en) * 2001-05-31 2002-12-05 Portalify Oy Methods and systems in a data communication network for delivering and charging for services
WO2003036529A1 (en) * 2001-10-22 2003-05-01 Portalify Oy Method and telecommunication network for delivering and charging for services
FR2862170A1 (en) * 2003-11-06 2005-05-13 France Telecom Confidential data transfer process for Internet network, involves executing encryption of data maintained at access provider and relative to user and inserting encrypted data in information service request to be sent to information provider
WO2005048558A1 (en) * 2003-11-06 2005-05-26 France Telecom Method for transfer of confidential data in core networks
WO2012141495A3 (en) * 2011-04-11 2013-01-10 Samsung Electronics Co., Ltd. Apparatus and method for providing a transaction service
CN103460237A (en) * 2011-04-11 2013-12-18 三星电子株式会社 Apparatus and method for providing a transaction service
JP2014516440A (en) * 2011-04-11 2014-07-10 サムスン エレクトロニクス カンパニー リミテッド Service server, user terminal device, service providing method and control method thereof

Also Published As

Publication number Publication date
GB2350982A (en) 2000-12-13
EP1190263A2 (en) 2002-03-27
MXPA01012714A (en) 2003-09-04
AU5232800A (en) 2001-01-02
GB9913530D0 (en) 1999-08-11
CA2376802A1 (en) 2000-12-21
AU762413B2 (en) 2003-06-26
CN1354861A (en) 2002-06-19
KR20020035004A (en) 2002-05-09
BR0011729A (en) 2003-07-08
JP2003502743A (en) 2003-01-21
WO2000077733A3 (en) 2001-11-15
GB2350982B (en) 2003-06-25

Similar Documents

Publication Publication Date Title
US6792464B2 (en) System for automatic connection to a network
RU2507579C2 (en) Ordering method for mobile radio network users
USRE43351E1 (en) Credit card validation for an interactive wireless network
EP2302523B1 (en) Enhanced service platform with secure system and method for subscriber profile customization
US5905736A (en) Method for the billing of transactions over the internet
US6549773B1 (en) Method for utilizing local resources in a communication system
US8755778B2 (en) Method for accessing a communications service by means of an electronic address
US20060195597A1 (en) Automatic network user identification
RU2427893C2 (en) Method of service server authentication (versions) and method of services payment (versions) in wireless internet
AU762413B2 (en) Electronic commerce system
US20040088250A1 (en) Subscriber account replenishment in a netework-based electronic commerce system incorporating prepaid service offerings
US20060059161A1 (en) Signaling apparatus and method
US20020052842A1 (en) Initiation of an electronic payment transaction
US20030028614A1 (en) Portable storage media and method of utilizing remote storage unit on network as auxiliary memory of local computer by using the same
AU7402500A (en) Short message service (sms) e-commerce
US8725605B1 (en) Method and system for managing service accounts
JP2003530618A (en) System and method for secure network purchase
US20090266876A1 (en) Method with which a terminal can retrieve information associated to an epc-code from an epc network
WO2000049505A1 (en) System for automatic connection to a network
JP2002063524A (en) Credit guarantee method in electronic commercial transaction, and dealing authenticating server, store server, and member managing server applying the same method
EP1266363A1 (en) A method and system for disclosing information during online transactions
WO2002078257A1 (en) Method and data processing system for timing the duration of a session
WO2001031483A2 (en) A system and method for verifying on-line information presented by internet users
US20020156708A1 (en) Personalized internet server
WO2005059798A1 (en) Method for user registration with a proxy for further work with one of the server units

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 00808546.3

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

ENP Entry into the national phase

Ref document number: 2001 503133

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2376802

Country of ref document: CA

Ref document number: 2376802

Country of ref document: CA

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: PA/a/2001/012714

Country of ref document: MX

Ref document number: 1020017015918

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2000937032

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 52328/00

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 2000937032

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 10018002

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1020017015918

Country of ref document: KR

WWG Wipo information: grant in national office

Ref document number: 52328/00

Country of ref document: AU

WWW Wipo information: withdrawn in national office

Ref document number: 1020017015918

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 2000937032

Country of ref document: EP