US20140244515A1 - Systems and methods for facilitating secure access - Google Patents
- Publication number
- US20140244515A1 US14/272,223
- Authority
- US
- United States
- Prior art keywords
- serial number
- data
- computer system
- account data
- proxy account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/383—Anonymous user system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- FIG. 1 illustrates a block diagram of a system for generating proxy account data for customers of a financial institution.
- FIG. 2 illustrates one embodiment of a process flow for generating proxy account data for customers of a financial institution utilizing the system of FIG. 1 .
- FIG. 3 illustrates one embodiment of a process flow for generating use-restricted proxy account data for customers of a financial institution utilizing the system of FIG. 1 .
- FIG. 4 illustrates one embodiment of the system of FIG. 1 showing a vendor and illustrating a transaction between the vendor and the customer utilizing proxy account data.
- FIG. 5 illustrates one embodiment of a process flow for completing a transaction between the customer and the vendor utilizing the system of FIG. 4 .
- FIGS. 6 and 7 illustrate embodiments of the system of FIG. 4 depicting example transactions where the purchaser provides the proxy account data utilizing a mobile device, such as a smart phone, palmtop computer, etc.
- proxy account data may be associated with a financial account of a customer and may be used to authorize charges to the customer's account (e.g., to fund transactions with third-party vendors).
- the proxy account data may be utilized to make on-line, telephone, and/or other purchases in a manner similar to the way that the customer would use actual account data.
- Each instance of proxy account data may be referred to as a proxy account data package.
- Proxy account data may be generated by a financial institution (or a third party provider) utilizing a sequential encryption.
- an inner financial institution computer system (inner system)
- the serial number may be any suitable number and may be associated with the customer's account in any suitable manner.
- the inner system may encrypt the serial number and send the encrypted serial number to an outer financial institution computer system (outer system).
- the outer system may append checkable data to the encrypted serial number and then encrypt the combination of the encrypted serial number and the checkable data. In this way, the serial number may be double encrypted.
- the results of the encryption may yield the proxy account data.
- the proxy account data may then be communicated to the customer in any suitable manner.
- the customer may utilize the proxy account data by providing it to a vendor in person, by telephone, or electronically, in a manner similar to the way that the customer would provide his or her credit card number.
- the vendor or other party, may provide the proxy account data to the financial institution along with a request for payment.
- the proxy account data and request may be processed by the inner and outer systems.
- the outer system may decrypt the proxy account data, yielding the encrypted serial number and the checkable data.
- the checkable data may be verified. Provided that the checkable data is verified, the outer system may transmit the checkable data to the inner system.
- the inner system may decrypt the encrypted serial number and verify that the serial number is properly associated with the customer's account.
- the financial institution may authorize that the customer's account be charged in a manner consistent with the payment request.
- the vendor never has access to the customer's account information. Accordingly, the customer's account information remains with the financial institution, protected by the Internet security systems already in place to protect the financial institution's computer systems.
- proxy account data may be associated with transaction limitations that may be honored by the financial institution.
- the serial number and/or checkable data of the proxy account data may be associated with any suitable type of transaction limitation including, for example, a maximum amount available for transactions, a maximum per-transaction amount, a limitation on vendors, an expiration time, and/or any other suitable limitation.
- the limitations may be derived at the time that the proxy account data is provided to the financial institution with a request for payment. For example, the financial institution may not authorize payment from the customer's account to the vendor unless the details of the transaction are consistent with the transaction limitations associated with the proxy account data.
- FIG. 1 illustrates a block diagram of a system 100 for generating proxy account data for customers of a financial institution.
- a customer 102 may interact with a computer system 104 to obtain proxy account data.
- the computer system 104 may constitute all or part of a computer system of a financial institution (e.g., the financial institution providing the customer 102 with the account to be drawn on using the proxy account data).
- the customer 102 may be in communication with the system 104 , for example, utilizing a secure connection and/or user interface that may, in various embodiments, already be in place for the customer 102 to conduct banking business with the financial institution.
- the computer system 104 may be provided by a third party service provider and may be in secure communication with a computer system (not shown) of the financial institution.
- the computer system 104 may comprise an outer financial institution system 108 and an inner financial institution system 106 .
- the inner 106 and outer systems 108 may be separated from one another, for example, in order to increase the difficulty of hacking into both systems 106 , 108 .
- the systems 106 , 108 may be at different physical locations, on different networks, behind different firewalls, etc. In some embodiments, however, there may not be any distinction between the inner system 106 and outer system 108 (e.g., the functionality of both may be performed by the system 104 or a single component thereof).
- the inner system 106 may be in communication with one or more data stores including, for example, a serial number data store 110 and a serial number association data store 112 .
- a serial number data store 110 may comprise serial numbers that may be associated with customer account data.
- Serial number associations data store 112 may comprise associations between serial numbers and specific customer account data.
- the outer system 108 may similarly be in electronic communication with a checkable data association data store 114 .
- the data store 114 may comprise associations between encrypted serial numbers and checkable data, for example, as described herein below.
- FIG. 2 illustrates one embodiment of a process flow 200 for generating proxy account data for customers of a financial institution utilizing the system 100 .
- the system 104 may receive a request for proxy account data (e.g., from the customer 102 ). The request may be received in any suitable manner.
- the customer 102 may access the system 104 according to a secure connection and request one or more proxy account data packages in any suitable way.
- the system 104 may provide the customer with a user interface (not shown) allowing the customer to request proxy account data.
- functionality for allowing the customer 102 to request proxy account data may be provided as part of a user interface that also provides the user 102 with various tools for managing the customer's account or accounts with the financial institution (e.g., balance inquiry and transfer tools, electronic bill payment tools, electronic statement tools, etc.).
- the system 104 may be configured to automatically provide the customer 102 with a predetermined number of proxy account data packages (e.g. periodically).
- the customer's account with the financial institution may include a feature where the financial institution provides the customer 102 with a predetermined number of proxy account data packages every month.
- the system 104 may select a serial number to be used to generate the proxy account data.
- the serial number may be a block of digital data of any suitable size that is capable of being associated with the customer's account data (e.g., account number, expiration date, security code, etc.).
- a list of suitable serial numbers may be stored by the inner system 106 , for example, at the serial number store 110 .
- the serial number may be all or a portion of account data specifically identifying the customer's account. It will be appreciated, however, that utilizing account data for the serial number will cause the account data to be present in the ultimately generated proxy account data, albeit in encrypted form.
- the inner system 106 may keep track of serial numbers that have already been used to ensure that no serial number is in use for more than one account and/or more than one customer at the same time. It will be appreciated, however, that, in some embodiments, serial numbers may be re-used after all account proxy data representing previous uses of the serial number have expired.
- the inner system 106 may associate the selected serial number with data describing the customer's account.
- the data describing the customer's account may include, for example, an account number or any other identifying data.
- the association between the serial number and the customer's account may be stored at any suitable secure location including, for example, at the serial number associations data store 112 .
- the inner system 106 may encrypt the serial number at 206 .
- the inner system 106 may transmit the encrypted serial number to the outer system 108 according to any suitably secure transmission technique using any suitable local or wide area, wired, wireless or mixed network.
- the serial number may be encrypted by the inner system 106 according to any suitable encryption hardware or software method.
- the inner system 106 may encrypt the serial number according to a symmetric, single key encryption method such as, for example, forms of the Advanced Encryption Standard (AES), Data Encryption Standard (DES), RC2, RC4, etc. Any suitable block size may be used.
- an asymmetric or public-key infrastructure (PKI) encryption method may be used.
- the inner system 106 may have a public key used to encrypt the serial number and a private key that may be used to decrypt the data packet. The public key may be generally available, while the private key may not be shared with any other systems.
- symmetric and asymmetric encryption methods may be used together. For example, an asymmetric method may be used to transmit a
- the outer system 108 may join the encrypted serial number with checkable data.
- the checkable data may be any suitable data that can be later used by the outer system 108 to verify the encrypted serial number.
- the checkable data may comprise data describing the customer 102 and/or the customer's account.
- the checkable data may comprise a time stamp and/or machine stamp indicating the outer system 108 . In this way, the outer system 108 may be able to subsequently verify that it created the resulting proxy account data.
- the checkable data may comprise any type of data that may be associated with the encrypted serial number.
- the outer system 108 may store an association between the encrypted serial number and the checkable data at data store 114 .
- the outer system 108 may encrypt the combination of the encrypted serial number and the checkable data at 212 .
- the result of this encryption may be, or may be transformed into, the proxy account data.
- the proxy account data may subsequently be communicated to the customer 102 in any suitable manner.
- the proxy account data may be printed to a paper or card, which may be subsequently mailed to the customer 102 (e.g., with an account statement).
- the proxy account data may be represented on the paper or card in any suitable form.
- the proxy account data may be represented in alphanumeric form, in symbolic form, or as a bar code or other graphical code.
- the proxy account data may be provided to the customer 102 electronically.
- the system 104 may send an e-mail to the customer 102 including the proxy account data.
- the e-mail may be sent to a public e-mail account of the customer 102 and/or to a secure e-mail account associated with the customer's account with the financial institution.
- the e-mail may comprise an electronic representation of the proxy account data that may be utilized by a personal computer device, such as a smart phone, to make purchases as described herein.
- the proxy account data may be provided to the customer 102 via a user interface provided by the system 104 .
- the proxy account data may be represented in a screen provided to the customer 102 .
- the customer 102 may then copy the proxy account data (e.g., electronically or manually) for later use.
- instances of proxy account data may be associated with use restrictions that limit the circumstances under which the proxy account data may be used in transactions with vendors.
- some use restrictions may specify times or dates when the proxy account data may, or may not, be used.
- some use restrictions may specify a maximum number of times that proxy account data may be used.
- some use restrictions may specify a number of times that the proxy account data may be used prior to an expiration.
- Other use restrictions may be related to the types of vendors that the proxy account data may be used to pay.
- a proxy account data package may be limited such that it is only valid with certain vendors, or categories of vendors.
- proxy account data may be limited so that it is specifically invalid with certain vendors or categories of vendors.
- use restrictions may be utilized to provide a greater level of security and/or assurance when a customer's account is to be used by someone other than the customer. For example, if the customer 102 is a parent, the customer 102 may provide his or her child with a proxy account data package that is specifically limited to the types of purchases that the customer 102 would like the child to make.
- FIG. 3 illustrates one embodiment of a process flow 300 for generating use-restricted proxy account data for customers of a financial institution utilizing the system 100 .
- the system 104 may receive a request for proxy account data. This action may occur in any suitable manner, for example as described above with respect to 202 . Further, in some embodiments, the system 104 may generate proxy account data without having received a specific request, for example, as described above.
- the system 104 may receive, from the customer 102 , use restrictions to be associated with the proxy account data.
- the use restrictions may include any suitable restriction on the types of transactions that may use the proxy account data including, for example, the restriction types discussed above.
- the use restrictions need not be received specifically from the customer 102 every time that a proxy account data package is generated.
- the system 104 may store one or more pre-configured sets of use restrictions from which the customer 102 may select. Further, in some cases, the customer 102 may specify a default use restriction or set of use restrictions to be used when creating proxy account data (e.g., unless instructions to the contrary are received).
- the inner system 106 may select a serial number, for example, as described hereinabove with respect to 204 .
- the inner system 106 may associate the serial number and the use restriction or restrictions with the customer's account. In this way, when the proxy account data is used to make a purchase, the system 104 may verify the validity of the proxy account data as well as whether the requested transaction complies with the use restrictions, for example, as described herein below.
- Although FIG. 3 shows the use restrictions being associated with the serial number by the inner system 106, it will be appreciated that, alternatively, the encrypted serial number and/or checkable data may be associated with the use restrictions, for example, by the outer system 108.
- the inner system 106 may encrypt the serial number, for example, similar to the way described above with respect to 208 .
- the resulting encrypted serial number may be transmitted to the outer system 108 , which may join the encrypted serial number with checkable data at 312 , for example, as described above with respect to 210 .
- the outer system may encrypt the combination of the checkable data with the encrypted serial number, resulting in the proxy account data.
- FIG. 4 illustrates one embodiment of the system 100 showing a vendor 120 and illustrating a transaction between the vendor 120 and the customer 102 utilizing proxy account data.
- the vendor 120 may be any suitable type of vendor providing any type of goods or services for sale to the customer 102 .
- the vendor 120 may be an online or bricks-and-mortar retailer.
- the vendor 120 may be a utility company, or any other company or entity to which the customer 102 may owe a payment.
- FIG. 5 illustrates one embodiment of a process flow 500 for completing a transaction between the customer 102 and the vendor 120 utilizing the system 100 , as shown in FIG. 4 .
- the transaction may be initiated when the customer 102 pays for goods and services provided by the vendor 120 utilizing proxy account data.
- the system 104 may receive proxy account data and transaction data.
- the transaction data may describe the transaction between the customer 102 and the vendor 120 that will be completed by charging the customer's account utilizing the proxy account data.
- the proxy account data and transaction data may be received from the vendor 120 , as shown in FIG. 4 .
- the customer 102 may provide the proxy account data to the vendor 120 in the same way that the customer 102 would provide their credit card number and similar information.
- Transaction data provided to the vendor 120 from the customer 102 may include, for example, a description of the good and/or service that the customer 102 would like to purchase.
- the vendor 120, in some embodiments, may update the transaction data with an indication of the vendor 120 before sending to the system 104.
- the purchaser 102 may provide the proxy account data and transaction data directly to the system 104 .
- the outer system 108 may decrypt the proxy account data.
- the outer system 108 may have access to the encryption key used to encrypt the proxy account data and/or necessary to decrypt it, as described above.
- the result of decrypting the proxy account data may be checkable data and an encrypted serial number.
- the outer system 108 may verify the checkable data. For example, the outer system 108 may verify an association between the checkable data and the encrypted serial number (e.g., stored at database 114 ). If the checkable data is verified, the outer system 108 may transmit the encrypted serial number (and the transaction data) to the inner system 106 (e.g., via a secure connection). The inner system may decrypt the encrypted serial number at 508 .
- the inner system 106 may determine whether the serial number is associated with a valid account (e.g., at data store 112 ). At 512 , the inner system 106 may determine whether the transaction information is consistent with the serial number, or consistent with any use restrictions associated with the serial number (e.g., at data store 112 ).
- the inner system 106 may authorize payment to the vendor 120 from the customer's account. Payment may be effectuated according to any suitable method. For example, payment from the customer's account to the vendor 120 may be made in a manner similar to that of current credit and/or debit transactions. It will be appreciated that the process flow 500 , in some embodiments, may be executed by the system 104 at or near real time (e.g., with a speed similar to that of current credit card authorization determinations). In this way, the vendor 120 may wait to receive at least authorization from the system 104 prior to completing the transaction with the customer 102 .
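The generation flow (serial number, inner encryption, checkable data, outer encryption) and the redemption flow with use restrictions described above, sketched end to end as an added example; it is not code from the patent. The class and function names, the record layout and the cipher are assumptions: the page allows any suitable encryption method, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for AES here so the sketch runs on the Python standard library alone. The two top-level functions play the role of the system 104 passing data between the inner and outer systems.

```python
import hashlib, hmac, json, secrets, time

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = range((n + 31) // 32)
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC on an HMAC-SHA256 keystream: assumed stand-in for AES etc."""
    nonce = secrets.token_bytes(16)
    ks = _stream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Check the tag before decrypting; ValueError on tampering or wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    ok = hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct))
    if len(blob) < 48 or not ok:
        raise ValueError("truncated or bad tag")
    ks = _stream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class InnerSystem:
    """Holds serial numbers and their account associations (stores 110, 112)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._assoc = {}  # serial -> account, use restrictions, use counter
    def issue(self, account, limits):
        serial = secrets.token_bytes(16)  # random, so unrelated to account data
        self._assoc[serial] = {"account": account, "uses": 0, **limits}
        return seal(self._key, serial)
    def authorize(self, enc_serial, txn):
        rec = self._assoc.get(unseal(self._key, enc_serial))
        if rec is None:
            return False, "unknown serial"
        if txn["amount"] > rec["max_amount"]:
            return False, "over per-transaction limit"
        if txn["vendor"] not in rec["vendors"]:
            return False, "vendor not allowed"
        if txn["time"] > rec["expires"]:
            return False, "expired"
        if rec["uses"] >= rec["max_uses"]:
            return False, "use limit reached"
        rec["uses"] += 1
        return True, "authorized"  # account data never leaves the inner system

class OuterSystem:
    """Adds checkable data and the second encryption layer (store 114)."""
    def __init__(self, machine):
        self._key = secrets.token_bytes(32)
        self._machine = machine
        self._checkable = {}  # encrypted serial -> checkable data
    def wrap(self, enc_serial):
        # Checkable data: machine stamp plus time stamp, as the page suggests.
        stamp = {"machine": self._machine, "ts": int(time.time())}
        checkable = json.dumps(stamp).encode()
        self._checkable[enc_serial] = checkable
        body = len(enc_serial).to_bytes(2, "big") + enc_serial + checkable
        return seal(self._key, body).hex()
    def unwrap(self, proxy_hex):
        try:
            body = unseal(self._key, bytes.fromhex(proxy_hex))
        except ValueError:
            return None
        n = int.from_bytes(body[:2], "big")
        enc_serial, checkable = body[2:2 + n], body[2 + n:]
        stored = self._checkable.get(enc_serial)
        if stored is None or not hmac.compare_digest(stored, checkable):
            return None
        return enc_serial

def generate_proxy(inner, outer, account, limits):
    return outer.wrap(inner.issue(account, limits))

def redeem_proxy(inner, outer, proxy_hex, txn):
    enc_serial = outer.unwrap(proxy_hex)
    if enc_serial is None:
        return False, "invalid proxy account data"
    return inner.authorize(enc_serial, txn)

def demo():
    # Constructed sample account, limits and transactions.
    inner, outer = InnerSystem(), OuterSystem("outer-01")
    now = int(time.time())
    limits = {"max_amount": 50.0, "vendors": ["bookshop"],
              "expires": now + 3600, "max_uses": 1}
    proxy = generate_proxy(inner, outer, "ACCT-CONSTRUCTED-001", limits)
    tampered = proxy[:-1] + ("0" if proxy[-1] != "0" else "1")
    pay = lambda p, **kw: redeem_proxy(
        inner, outer, p, {"vendor": "bookshop", "amount": 20.0, "time": now, **kw})
    return {
        "ok": pay(proxy),
        "replay": pay(proxy),
        "over": pay(proxy, amount=75.0),
        "vendor": pay(proxy, vendor="casino"),
        "expired": pay(proxy, time=now + 7200),
        "tampered": pay(tampered),
    }

if __name__ == "__main__":
    print(demo())
```

The tag check in `unseal` is an addition of this sketch; the page itself relies on the checkable-data lookup at data store 114 to reject proxy account data that the outer system did not create.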
- the customer 102 may provide proxy account data to the vendor 120 , or directly to the system 104 , in any suitable way.
- the vendor is an Internet or web-based vendor
- the customer 102 may provide the proxy account data by entering it into a window of the vendor's site.
- the vendor's site may comprise a drop-down menu allowing the customer 102 to select a payment method.
- the vendor's site may provide a field for receiving the proxy account data.
- the vendor's site may comprise an interface to the system 104 allowing the customer 102 to provide the proxy account data directly to the system 104 through the vendor's site.
- proxy account data may also be used for in-person purchases.
- the customer 102 may provide a card comprising the proxy account data in alphanumeric and/or symbolic form to the vendor 120 .
- the vendor 120 may transmit the proxy account data to the system 104 by manually or automatically entering it into a vendor computer system (not shown).
- the vendor 120 may have a bar code reader to read a bar code from the card provided by the customer.
- the customer 102 may verbally indicate the proxy account data to the vendor 120 .
- FIGS. 6 and 7 illustrate embodiments of the system 100 depicting example transactions where the purchaser 102 provides the proxy account data utilizing a mobile device, such as a smart phone, palmtop computer, etc.
- the customer 102 may have a mobile device 602 .
- the mobile device 602 may be any sort of mobile electronic device capable of receiving and storing proxy account data.
- the mobile device 602 may be a general purpose mobile device such as, for example, a mobile phone, a smart mobile phone, a palmtop computer, a laptop computer, etc.
- the mobile device 602 may be a device dedicated to facilitating payments such as, for example, a key fob, a smart card comprising a microchip, etc.
- the mobile device 602 may receive the proxy account data from the system 104 .
- the mobile device 602 may communicate directly with the system 104 via a network (not shown) such as the Internet.
- the proxy account data may be stored on a storage medium, which may be read by the mobile device 602 .
- the mobile device 602 may be capable of wireless communications.
- the vendor 120 may comprise a wireless access device 600 for receiving wireless transmissions from the mobile device 602 .
- the purchaser 102 may place the mobile device in communication with the vendor 120 .
- the purchaser 102 may move the mobile device 102 within range of the wireless access device 600 .
- the purchaser 102 may prompt the mobile device 602 to send the proxy account data to the vendor 120 .
- the mobile device 602 may transmit the proxy account data to the vendor 120 utilizing a bar code or any other suitable visual and/or graphical code.
- the mobile device 602 may be configured to represent the proxy account data on a screen in the form of a bar code or other visual and/or graphical code.
- the purchaser 102 may communicate the proxy account data to the vendor 120 by placing the mobile device 602 (and specifically its screen) within range of a bar code reader 700 in communication with the vendor 120 .
- the purchaser 102 may capture or extract an image of the bar code or other code and transmit the image to the vendor 120, in lieu of using the bar code reader 700.
- It will be appreciated that, although FIGS. 6 and 7 show the mobile device 602 sending proxy account data and transaction data to the vendor 102, in some embodiments, the mobile device 602 may send only the proxy account data.
- Transaction data e.g., which items or services the purchaser 102 intends to buy
- FIGS. 6 and 7 show the mobile device 602 communicating the proxy account data to the vendor 120
- the mobile device 602 may communicate the proxy account data directly to the system 104 .
- steps may be taken to prevent hacking of the financial institution system 104 .
- the financial institution may have security features in place to prevent unauthorized access to the system 104 and to facilitate secure communications with customers. Any suitable technology may be used including, for example, HTTPS, secure socket layer (SSL), etc.
- An additional security feature of the system 100 may arise from the dual nature of the inner and outer systems. For example, in order to nefariously generate proxy account data, a hacker would be required to separately hack into both systems 106 , 108 , which may pose a considerable challenge.
- the systems 106 , 108 may generate new decryption keys and replace any proxy account data created during the time that the decryption key or keys was compromised.
- Different computer systems 106 , 108 , parties 102 , 120 , and devices 602 are described herein as communicating with one another. It will be appreciated that this communication may take place according to any suitable method.
- some or all of the computer systems or parties described herein may be in communication with one another via a network or networks.
- the network or networks may operate according to any suitable wired or wireless communication protocol and may utilize any suitable hardware or software.
- the network or networks may include a wide area network (WAN) such as the Internet, a local area network (LAN), etc.
- each system may have a public key that may be used for encrypting messages and a private key that may be used for decryption.
- the public key may be provided to any systems having need to send data to the first system.
- the data may be encrypted with the public key such that it may only be decrypted with the private key, which may be kept secret by the receiving system. In this way, all communications between the various systems may be decrypted only by their intended recipients.
- the systems 106 , 108 may each be implemented on exclusive hardware.
- the system 106 may not share any hardware with the system 108. This may increase security as it may make it more difficult for a potential hacker to access the sensitive operations of both systems 106, 108, as would be necessary to tamper with the creation or verification of proxy account data.
- the systems may share common hardware.
- the systems 106 , 108 may be implemented on a single computer device or a common set of computer devices. Hardware or software tools may be utilized to provide segregation between the systems 106 , 108 in order to increase the difficulty of hacking both systems 106 , 108 to tamper with the creation or verification of proxy account data.
- a firewall may be implemented to limit the types and security of electronic communications between the systems 106, 108.
- the distinction between the inner system 106 and outer system 108 may not be present and the system 104 may generally perform all of the actions described herein and attributed to either the system 106 or the system 108 .
- Although this configuration may be less secure, it may be advantageous in some circumstances to avoid the expense and complexity of implementing multiple systems 106, 108.
- the systems 106 and 108 are referred to herein as the inner system 106 and the outer system 108 . Despite this, it will be appreciated that these systems may be placed in any suitable configuration relative to one another, the system 104 , the vendor 120 and/or the purchaser 102 .
- modules or software can be used to practice certain aspects of the invention.
- software-as-a-service (SaaS) models or application service provider (ASP) models may be employed as software application delivery models to communicate software applications to clients (e.g., the vendor 120) or other users.
- Such software applications can be downloaded through an Internet connection, for example, and operated either independently (e.g., downloaded to a laptop or desktop computer system) or through a third-party service provider (e.g., accessed through a third-party web site).
- cloud computing techniques may be employed in connection with various embodiments of the invention.
- the processes associated with the present embodiments may be executed by programmable equipment, such as computers.
- the processes may be stored in any storage device, such as, for example, a computer system (non-volatile) memory, an optical disk, magnetic tape, or magnetic disk.
- some of the processes may be programmed when the computer system is manufactured or via a computer-readable memory medium.
- a computer-readable medium may include, for example, memory devices such as diskettes, compact discs of both read-only and read/write varieties, optical disk drives, and hard disk drives.
- a computer-readable medium may also include memory storage that may be physical, virtual, permanent, temporary, semi-permanent and/or semi-temporary.
- a “computer,” “computer device,” “computer system,” “system,” “host,” “engine,” or “processor” may be, for example and without limitation, a processor, microcomputer, minicomputer, server, mainframe, laptop, personal data assistant (PDA), wireless e-mail device, cellular phone, pager, processor, fax machine, scanner, or any other programmable device configured to transmit and/or receive data over a network.
- Computer systems and computer-based devices disclosed herein may include memory for storing certain software applications used in obtaining, processing, and communicating information. It can be appreciated that such memory may be internal or external with respect to operation of the disclosed embodiments.
- the memory may also include any means for storing software, including a hard disk, an optical disk, floppy disk, ROM (read only memory), RAM (random access memory), PROM (programmable ROM), EEPROM (electrically erasable PROM) and/or other computer-readable memory media.
- a single component may be replaced by multiple components, and multiple components may be replaced by a single component, to perform a given function or functions. Except where such substitution would not be operative to practice embodiments of the present invention, such substitution is within the scope of the present invention.
- Any of the servers or computer systems described herein, for example, may be replaced by a “server farm” or other grouping of networked servers (e.g., a group of server blades) that are located and configured for cooperative functions. It can be appreciated that a server farm may serve to distribute workload between/among individual components of the farm and may expedite computing processes by harnessing the collective and cooperative power of multiple servers.
- Such server farms may employ load-balancing software that accomplishes tasks such as, for example, tracking demand for processing power from different machines, prioritizing and scheduling tasks based on network demand, and/or providing backup contingency in the event of component failure or reduction in operability.
- Various embodiments of the systems and methods described herein may employ one or more electronic computer networks to promote communication among different components, transfer data, or to share resources and information.
- Such computer networks can be classified according to the hardware and software technology that is used to interconnect the devices in the network, such as optical fiber, Ethernet, wireless LAN, HomePNA, power line communication or G.hn.
- the computer networks may also be embodied as one or more of the following types of networks: local area network (LAN); metropolitan area network (MAN); wide area network (WAN); virtual private network (VPN); storage area network (SAN); or global area network (GAN), among other network varieties.
- a WAN computer network may cover a broad area by linking communications across metropolitan, regional, or national boundaries.
- the network may use routers and/or public communication links.
- One type of data communication network may cover a relatively broad geographic area (e.g., city-to-city or country-to-country) which uses transmission facilities provided by common carriers, such as telephone service providers.
- a GAN computer network may support mobile communications across multiple wireless LANs or satellite networks.
- a VPN computer network may include links between nodes carried by open connections or virtual circuits in another network (e.g., the Internet) instead of by physical wires.
- the link-layer protocols of the VPN can be tunneled through the other network.
- One VPN application can promote secure communications through the Internet.
- the VPN can also be used to separately and securely conduct the traffic of different user communities over an underlying network.
- the VPN may provide users with the virtual experience of accessing the network through an IP address location other than the actual IP address which connects the access device to the network.
- Computer networks may include hardware elements to interconnect network nodes, such as network interface cards (NICs) or Ethernet cards, repeaters, bridges, hubs, switches, routers, and other like components. Such elements may be physically wired for communication and/or data connections may be provided with microwave links (e.g., IEEE 802.12) or fiber optics, for example.
- a network card, network adapter or NIC can be designed to allow computers to communicate over the computer network by providing physical access to a network and an addressing system through the use of MAC addresses, for example.
- a repeater can be embodied as an electronic device that receives and retransmits a communicated signal at a boosted power level to allow the signal to cover a telecommunication distance with reduced degradation.
- a network bridge can be configured to connect multiple network segments at the data link layer of a computer network while learning which addresses can be reached through which specific ports of the network.
- the bridge may associate a port with an address and then send traffic for that address only to that port.
- local bridges may be employed to directly connect local area networks (LANs); remote bridges can be used to create a wide area network (WAN) link between LANs; and/or, wireless bridges can be used to connect LANs and/or to connect remote stations to LANs.
- a hub may be employed which contains multiple ports. For example, when a data packet arrives at one port of a hub, the packet can be copied unmodified to all ports of the hub for transmission.
- a network switch or other devices that forward and filter OSI layer 2 datagrams between ports based on MAC addresses in data packets can also be used.
- a switch can possess multiple ports, such that most of the network is connected directly to the switch, or another switch that is in turn connected to a switch.
- the term “switch” can also include routers and bridges, as well as other devices that distribute data traffic by application content (e.g., a Web URL identifier).
- Switches may operate at one or more OSI model layers, including physical, data link, network, or transport (i.e., end-to-end).
- a device that operates simultaneously at more than one of these layers can be considered a multilayer switch.
- routers or other like networking devices may be used to forward data packets between networks using headers and forwarding tables to determine an optimum path through which to transmit the packets.
- an application server may be a server that hosts an API to expose business logic and business processes for use by other applications.
- Examples of application servers include J2EE or Java EE 5 application servers including WebSphere Application Server.
- Other examples include WebSphere Application Server Community Edition (IBM), Sybase Enterprise Application Server (Sybase Inc), WebLogic Server (BEA), JBoss (Red Hat), JRun (Adobe Systems), Apache Geronimo (Apache Software Foundation), Oracle OC4J (Oracle Corporation), Sun Java System Application Server (Sun Microsystems), and SAP Netweaver AS (ABAP/Java).
- application servers may be provided in accordance with the .NET framework, including the Windows Communication Foundation, .NET Remoting, ADO.NET, and ASP.NET among several other components.
- a Java Server Page is a servlet that executes in a web container which is functionally equivalent to CGI scripts. JSPs can be used to create HTML pages by embedding references to the server logic within the page.
- the application servers may mainly serve web-based applications, while other servers can perform as session initiation protocol servers, for instance, or work with telephony networks.
- Specifications for enterprise application integration and service-oriented architecture can be designed to connect many different computer network elements. Such specifications include Business Application Programming Interface, Web Services Interoperability, and Java EE Connector Architecture.
Abstract
Description
- This application is related to U.S. application Ser. No. 12/872,523 filed on Aug. 31, 2010 entitled, “Systems and Methods for Voting,” which is incorporated herein by reference in its entirety.
- The structure of most credit and debit transactions today is based on the original form of a standard credit card transaction. Such a transaction typically involved the use of a physical card and a physical signature as a means of protection against misuse. In an era of face-to-face transactions, this structure provided adequate security against improper and/or fraudulent purchases. Advancing technology and purchaser demand, however, have led to new variations of the standard credit card transaction that do not require either the physical presentment of the card or the signature of the purchaser. Although these new techniques provide purchasers and vendors with increased convenience, they also reduce security and increase the probability of fraudulent purchases.
- Strains on the security of the standard credit card transaction began to appear when it became possible to make credit card purchases over the phone. In a telephone transaction, the only information necessary to complete a purchase is the account number (i.e., credit or debit card number), the account expiration date and, sometimes, an additional security code (i.e., typically 3 or 4 additional digits). As a result, any person able to acquire the account number, expiration date and security code of a credit or debit account is able to make fraudulent telephone purchases on the account. Internet purchases suffer from the same security flaws as telephone purchases, though amplified by the nature of the Internet medium. Like telephone transactions, Internet transactions can be completed with only the account number, expiration date and security code associated with an account. In an Internet transaction, however, this information is transmitted over the Internet or other public network, creating additional opportunities for the theft of account information. The transmission itself is subject to interception, either in transit or at the purchaser's machine (i.e., via a Trojan horse, spyware, or other malware). Further, many vendors retain purchasers' account information on the vendors' own systems. Accordingly, a purchaser's account information is at the mercy of security precautions taken by each vendor with which the purchaser does business. Still newer purchasing technology threatens to further undermine the security of credit and debit transactions. Recently there has been a push to use mobile phones and other hand-held devices in place of credit cards, allowing for purchases over the Internet and in-store using WIFI and other mobile networks. The use of mobile networks creates additional opportunities for the misappropriation of account information.
- Various attempts have been made to address the security shortcomings of the standard credit card transaction. For example, there has been a proliferation of gift cards and prepaid cash equivalents. The fixed balance of these cards limits the amount that can be lost to theft; however, it also limits the usefulness of the card to legitimate purchasers. Further, many gift cards are usable only with a certain vendor or vendors. Also, some Internet purchases now utilize high security proxies to perform transactions and transmit payment information to the vendor. These methods, however, are often complicated and require the involvement of a third party (i.e., the high security proxy).
- Various embodiments of the present invention are described here by way of example in conjunction with the following figures, wherein:
- FIG. 1 illustrates a block diagram of a system for generating proxy account data for customers of a financial institution.
- FIG. 2 illustrates one embodiment of a process flow for generating proxy account data for customers of a financial institution utilizing the system of FIG. 1.
- FIG. 3 illustrates one embodiment of a process flow for generating use-restricted proxy account data for customers of a financial institution utilizing the system of FIG. 1.
- FIG. 4 illustrates one embodiment of the system of FIG. 1 showing a vendor and illustrating a transaction between the vendor and the customer utilizing proxy account data.
- FIG. 5 illustrates one embodiment of a process flow for completing a transaction between the customer and the vendor utilizing the system of FIG. 4.
- FIGS. 6 and 7 illustrate embodiments of the system of FIG. 4 depicting example transactions where the purchaser provides the proxy account data utilizing a mobile device, such as a smart phone, palmtop computer, etc.
- Various embodiments are directed to systems and methods for facilitating secure transactions utilizing proxy account data that is sequentially encrypted (e.g., by separate computer systems). The proxy account data may be associated with a financial account of a customer and may be used to authorize charges to the customer's account (e.g., to fund transactions with third-party vendors). For example, the proxy account data may be utilized to make on-line, telephone, and/or other purchases in a manner similar to the way that the customer would use actual account data. Each instance of proxy account data may be referred to as a proxy account data package.
- Proxy account data may be generated by a financial institution (or a third party provider) utilizing a sequential encryption. For example, an inner financial institution computer system (inner system) may associate a serial number with the customer's account. The serial number may be any suitable number and may be associated with the customer's account in any suitable manner. The inner system may encrypt the serial number and send the encrypted serial number to an outer financial institution computer system (outer system). The outer system may append checkable data to the encrypted serial number and then encrypt the combination of the encrypted serial number and the checkable data. In this way, the serial number may be double encrypted. The results of the encryption may yield the proxy account data. The proxy account data may then be communicated to the customer in any suitable manner.
- According to various embodiments, the customer may utilize the proxy account data by providing it to a vendor in person, by telephone, or electronically, in a manner similar to the way that the customer would provide his or her credit card number. The vendor, or other party, may provide the proxy account data to the financial institution along with a request for payment. The proxy account data and request may be processed by the inner and outer systems. The outer system may decrypt the proxy account data, yielding the encrypted serial number and the checkable data. The checkable data may be verified. Provided that the checkable data is verified, the outer system may transmit the checkable data to the inner system. The inner system may decrypt the encrypted serial number and verify that the serial number is properly associated with the customer's account. Provided that the serial number is properly associated with the customer's account, the financial institution may authorize that the customer's account be charged in a manner consistent with the payment request. In this way, the vendor never has access to the customer's account information. Accordingly, the customer's account information remains with the financial institution, protected by the Internet security systems already in place to protect the financial institution's computer systems.
- In various embodiments, proxy account data may be associated with transaction limitations that may be honored by the financial institution. For example, the serial number and/or checkable data of the proxy account data may be associated with any suitable type of transaction limitation including, for example, a maximum amount available for transactions, a maximum per-transaction amount, a limitation on vendors, an expiration time, and/or any other suitable limitation. In embodiments where the proxy account data is associated with limitations, the limitations may be derived at the time that the proxy account data is provided to the financial institution with a request for payment. For example, the financial institution may not authorize payment from the customer's account to the vendor unless the details of the transaction are consistent with the transaction limitations associated with the proxy account data.
- FIG. 1 illustrates a block diagram of a system 100 for generating proxy account data for customers of a financial institution. A customer 102 may interact with a computer system 104 to obtain proxy account data. According to various embodiments, the computer system 104 may constitute all or part of a computer system of a financial institution (e.g., the financial institution providing the customer 102 with the account to be drawn on using the proxy account data). The customer 102 may be in communication with the system 104, for example, utilizing a secure connection and/or user interface that may, in various embodiments, already be in place for the customer 102 to conduct banking business with the financial institution. In some embodiments, the computer system 104 may be provided by a third party service provider and may be in secure communication with a computer system (not shown) of the financial institution.
- According to various embodiments, the computer system 104 may comprise an outer financial institution system 108 and an inner financial institution system 106. The inner 106 and outer systems 108 may be separated from one another, for example, in order to increase the difficulty of hacking into both systems systems inner system 106 and outer system 108 (e.g., the functionality of both may be performed by the system 104 or a single component thereof).
- The inner system 106 may be in communication with one or more data stores including, for example, a serial number data store 110 and a serial number association data store 112. Although the data stores number data store 110 may comprise serial numbers that may be associated with customer account data. Serial number associations data store 112 may comprise associations between serial numbers and specific customer account data. The outer system 108 may similarly be in electronic communication with a checkable data association data store 114. The data store 114 may comprise associations between encrypted serial numbers and checkable data, for example, as described herein below.
- FIG. 2 illustrates one embodiment of a process flow 200 for generating proxy account data for customers of a financial institution utilizing the system 100. At 202, the system 104 may receive a request for proxy account data (e.g., from the customer 102). The request may be received in any suitable manner. According to various embodiments, the customer 102 may access the system 104 according to a secure connection and request one or more proxy account data packages in any suitable way. For example, the system 104 may provide the customer with a user interface (not shown) allowing the customer to request proxy account data. In various embodiments (e.g., when the system 104 is implemented directly by a financial institution) functionality for allowing the customer 102 to request proxy account data may be provided as part of a user interface that also provides the user 102 with various tools for managing the customer's account or accounts with the financial institution (e.g., balance inquiry and transfer tools, electronic bill payment tools, electronic statement tools, etc.). In some embodiments, it may not be necessary for the customer 102 to request proxy account data. For example, the system 104 may be configured to automatically provide the customer 102 with a predetermined number of proxy account data packages (e.g., periodically). For example, the customer's account with the financial institution may include a feature where the financial institution provides the customer 102 with a predetermined number of proxy account data packages every month.
- At 204, the system 104 (e.g., the inner system 106) may select a serial number to be used to generate the proxy account data. The serial number may be a block of digital data of any suitable size that is capable of being associated with the customer's account data (e.g., account number, expiration date, security code, etc.). In various embodiments, a list of suitable serial numbers may be stored by the inner system 106, for example, at the serial number store 110. In some embodiments, the serial number may be all or a portion of account data specifically identifying the customer's account. It will be appreciated, however, that utilizing account data for the serial number will cause the account data to be present in the ultimately generated proxy account data, albeit in encrypted form. In some embodiments, the inner system 106 may keep track of serial numbers that have already been used to ensure that no serial number is in use for more than one account and/or more than one customer at the same time. It will be appreciated, however, that, in some embodiments, serial numbers may be re-used after all account proxy data representing previous uses of the serial number have expired.
- At 206, the inner system 106 may associate the selected serial number with data describing the customer's account. The data describing the customer's account may include, for example, an account number or any other identifying data. The association between the serial number and the customer's account may be stored at any suitable secure location including, for example, at the serial number associations data store 112. After making the association at 204, the inner system 106 may encrypt the serial number at 206. Upon encryption of the serial number, the inner system 106 may transmit the encrypted serial number to the outer system 108 according to any suitably secure transmission technique using any suitable local or wide area, wired, wireless or mixed network.
- It will be appreciated that the serial number may be encrypted by the inner system 106 according to any suitable encryption hardware or software method. For example, the inner system 106 may encrypt the serial number according to a symmetric, single key encryption method such as, for example, forms of the Advanced Encryption Standard (AES), Data Encryption Standard (DES), RC2, RC4, etc. Any suitable block size may be used. Also, according to various embodiments, an asymmetric or public-key infrastructure (PKI) encryption method may be used. For example, the inner system 106 may have a public key used to encrypt the serial number and a private key that may be used to decrypt the data packet. The public key may be generally available, while the private key may not be shared with any other systems. In some embodiments, symmetric and asymmetric encryption methods may be used together. For example, an asymmetric method may be used to transmit a symmetric key that may then be used for further communications.
- At 210, the outer system 108 may join the encrypted serial number with checkable data. The checkable data may be any suitable data that can be later used by the outer system 108 to verify the encrypted serial number. In some embodiments, the checkable data may comprise data describing the customer 102 and/or the customer's account. In addition, or instead, the checkable data may comprise a time stamp and/or machine stamp indicating the outer system 108. In this way, the outer system 108 may be able to subsequently verify that it created the resulting proxy account data. In some embodiments, the checkable data may comprise any type of data that may be associated with the encrypted serial number. For example, the outer system 108 may store an association between the encrypted serial number and the checkable data at data store 114.
- The outer system 108 may encrypt the combination of the encrypted serial number and the checkable data at 212. The result of this encryption may be, or may be transformed into, the proxy account data. The proxy account data may subsequently be communicated to the customer 102 in any suitable manner. For example, the proxy account data may be printed to a paper or card, which may be subsequently mailed to the customer 102 (e.g., with an account statement). The proxy account data may be represented on the paper or card in any suitable form. For example, the proxy account data may be represented in alphanumeric form, in symbolic form, or as a bar code or other graphical code. In various embodiments, the proxy account data may be provided to the customer 102 electronically. For example, the system 104 may send an e-mail to the customer 102 including the proxy account data. The e-mail may be sent to a public e-mail account of the customer 102 and/or to a secure e-mail account associated with the customer's account with the financial institution. In various embodiments, the e-mail may comprise an electronic representation of the proxy account data that may be utilized by a personal computer device, such as a smart phone, to make purchases as described herein. Also, in various embodiments, the proxy account data may be provided to the customer 102 via a user interface provided by the system 104. For example, the proxy account data may be represented in a screen provided to the customer 102. The customer 102 may then copy the proxy account data (e.g., electronically or manually) for later use.
- According to various embodiments, instances of proxy account data (e.g., proxy account data packages) may be associated with use restrictions that limit the circumstances under which the proxy account data may be used in transactions with vendors. For example, some use restrictions may specify times or dates when the proxy account data may, or may not, be used. Also, for example, some use restrictions may specify a maximum number of times that proxy account data may be used. In addition, some use restrictions may specify a number of times that the proxy account data may be used prior to an expiration. Other use restrictions may be related to the types of vendors that the proxy account data may be used to pay. For example, a proxy account data package may be limited such that it is only valid with certain vendors, or categories of vendors. Similarly, proxy account data may be limited so that it is specifically invalid with certain vendors or categories of vendors. In some embodiments, use restrictions may be utilized to provide a greater level of security and/or assurance when a customer's account is to be used by someone other than the customer. For example, if the customer 102 is a parent, the customer 102 may provide his or her child with a proxy account data package that is specifically limited to the types of purchases that the customer 102 would like the child to make.
- FIG. 3 illustrates one embodiment of a process flow 300 for generating use-restricted proxy account data for customers of a financial institution utilizing the system 100. At 302, the system 104 may receive a request for proxy account data. This action may occur in any suitable manner, for example as described above with respect to 202. Further, in some embodiments, the system 104 may generate proxy account data without having received a specific request, for example, as described above. At 304, the system 104 may receive, from the customer 102, use restrictions to be associated with the proxy account data. The use restrictions may include any suitable restriction on the types of transactions that may use the proxy account data including, for example, the restriction types discussed above. According to various embodiments, the use restrictions need not be received specifically from the customer 102 every time that a proxy account data package is generated. For example, the system 104 may store one or more pre-configured sets of use restrictions from which the customer 102 may select. Further, in some cases, the customer 102 may specify a default use restriction or set of use restrictions to be used when creating proxy account data (e.g., unless instructions to the contrary are received).
- At 306, the inner system 106 may select a serial number, for example, as described hereinabove with respect to 204. At 308, the inner system 106 may associate the serial number and the use restriction or restrictions with the customer's account. In this way, when the proxy account data is used to make a purchase, the system 104 may verify the validity of the proxy account data as well as whether the requested transaction complies with the use restrictions, for example, as described herein below. Although FIG. 3 shows the use restrictions being associated with the serial number by the inner system 106, it will be appreciated that, alternatively, the encrypted serial number and/or checkable data may be associated with the use restrictions, for example, by the outer system 108.
- At 310, the inner system 106 may encrypt the serial number, for example, similar to the way described above with respect to 208. The resulting encrypted serial number may be transmitted to the outer system 108, which may join the encrypted serial number with checkable data at 312, for example, as described above with respect to 210. At 314, the outer system may encrypt the combination of the checkable data with the encrypted serial number, resulting in the proxy account data.
- FIG. 4 illustrates one embodiment of the system 100 showing a vendor 120 and illustrating a transaction between the vendor 120 and the customer 102 utilizing proxy account data. The vendor 120 may be any suitable type of vendor providing any type of goods or services for sale to the customer 102. For example, the vendor 120 may be an online or bricks-and-mortar retailer. In other embodiments, the vendor 120 may be a utility company, or any other company or entity to which the customer 102 may owe a payment. FIG. 5 illustrates one embodiment of a process flow 500 for completing a transaction between the customer 102 and the vendor 120 utilizing the system 100, as shown in FIG. 4. The transaction may be initiated when the customer 102 pays for goods and services provided by the vendor 120 utilizing proxy account data. At 502, the system 104 may receive proxy account data and transaction data. The transaction data may describe the transaction between the customer 102 and the vendor 120 that will be completed by charging the customer's account utilizing the proxy account data. The proxy account data and transaction data may be received from the vendor 120, as shown in FIG. 4. For example, the customer 102 may provide the proxy account data to the vendor 120 in the same way that the customer 102 would provide their credit card number and similar information. Transaction data provided to the vendor 120 from the customer 102 may include, for example, a description of the good and/or service that the customer 102 would like to purchase. The vendor 120, in some embodiments, may update the transaction data with an indication of the vendor 120 before sending to the system 104. In various embodiments, the purchaser 102 may provide the proxy account data and transaction data directly to the system 104.
- At 504, the outer system 108 may decrypt the proxy account data. For example, the outer system 108 may have access to the encryption key used to encrypt the proxy account data and/or necessary to decrypt it, as described above. The result of decrypting the proxy account data may be checkable data and an encrypted serial number. At 506, the outer system 108 may verify the checkable data. For example, the outer system 108 may verify an association between the checkable data and the encrypted serial number (e.g., stored at database 114). If the checkable data is verified, the outer system 108 may transmit the encrypted serial number (and the transaction data) to the inner system 106 (e.g., via a secure connection). The inner system may decrypt the encrypted serial number at 508. At 510, the inner system 106 may determine whether the serial number is associated with a valid account (e.g., at data store 112). At 512, the inner system 106 may determine whether the transaction information is consistent with the serial number, or consistent with any use restrictions associated with the serial number (e.g., at data store 112).
- Provided that the serial number is associated with a valid account and that the transaction data is consistent with any use restrictions associated with the serial number, the inner system 106 may authorize payment to the vendor 120 from the customer's account. Payment may be effectuated according to any suitable method. For example, payment from the customer's account to the vendor 120 may be made in a manner similar to that of current credit and/or debit transactions. It will be appreciated that the process flow 500, in some embodiments, may be executed by the system 104 at or near real time (e.g., with a speed similar to that of current credit card authorization determinations). In this way, the vendor 120 may wait to receive at least authorization from the system 104 prior to completing the transaction with the customer 102.
- As described above, the customer 102 may provide proxy account data to the vendor 120, or directly to the system 104, in any suitable way. For example, when the vendor is an Internet or web-based vendor, the customer 102 may provide the proxy account data by entering it into a window of the vendor's site. For example, the vendor's site may comprise a drop-down menu allowing the customer 102 to select a payment method. When the customer 102 selects a method corresponding to the proxy account data, the vendor's site may provide a field for receiving the proxy account data. Also, in some embodiments, the vendor's site may comprise an interface to the system 104 allowing the customer 102 to provide the proxy account data directly to the system 104 through the vendor's site. It will be appreciated that proxy account data may also be used for in-person purchases. For example, the customer 102 may provide a card comprising the proxy account data in alphanumeric and/or symbolic form to the vendor 120. The vendor 120 may transmit the proxy account data to the system 104 by manually or automatically entering it into a vendor computer system (not shown). For example, the vendor 120 may have a bar code reader to read a bar code from the card provided by the customer. In still other embodiments, the customer 102 may verbally indicate the proxy account data to the vendor 120.
FIGS. 6 and 7 illustrate embodiments of thesystem 100 depicting example transactions where thepurchaser 102 provides the proxy account data utilizing a mobile device, such as a smart phone, palmtop computer, etc. Referring toFIG. 6 , thecustomer 102 may have amobile device 602. Themobile device 602 may be any sort of mobile electronic device capable of receiving and storing proxy account data. For example, themobile device 602 may be a general purpose mobile device such as, for example, a mobile phone, a smart mobile phone, a palmtop computer, a laptop computer, etc. In some embodiments, themobile device 602 may be a device dedicated to facilitating payments such as, for example, a key fob a smart card comprising a microchip, etc. - As illustrated in
FIG. 6 , themobile device 602 may receive the proxy account data from thesystem 104. For example, themobile device 602 may communicate directly with thesystem 104 via a network (not shown) such as the Internet. Also, for example, the proxy account data may be stored on a storage medium, which may be read by themobile device 602. In various embodiments, themobile device 602 may be capable of wireless communications. Thevendor 120 may comprise a wireless access device 600 for receiving wireless transmissions from themobile device 602. When thepurchaser 102 chooses to engage in a transaction with thevendor 120, the purchaser may place the mobile device in communication with thevendor 120. For example, thepurchaser 102 may move themobile device 102 within range of the wireless access device 600. Also, in some embodiments, thepurchaser 102 may prompt themobile device 602 to send the proxy account data to thevendor 120. - Referring now to
FIG. 7 , in some embodiments, themobile device 602 may transmit the proxy account data to thevendor 120 utilizing a bar code or any other suitable visual and/or graphical code. For example, themobile device 602 may be configured to represent the proxy account data on a screen in the form of a bar code or other visual and/or graphical code. Thepurchaser 102 may communicate the proxy account data to thevendor 120 by placing the mobile device 602 (and specifically its screen) within range of abar code reader 700 in communication with thevendor 120. In some embodiments, thepurchaser 102 may capture or extract an image of the bar code or other code and transmit the image to thevendor 120, in lieu of using thebar code reader 700. It will be appreciated that, althoughFIGS. 6 and 7 show themobile device 602 sending proxy account data and transaction data to thevendor 102, in some embodiments, themobile device 602 may send only the proxy account data. Transaction data (e.g., which items or services thepurchaser 102 intends to buy) may be conveyed verbally or by another method. Also, althoughFIGS. 6 and 7 show themobile device 602 communicating the proxy account data to thevendor 120, in some embodiments, themobile device 602 may communicate the proxy account data directly to thesystem 104. - According to various embodiments, steps may be taken to prevent hacking of the
financial institution system 104. For example, the financial institution may have security features in place to prevent unauthorized access to thesystem 104 and to facilitate secure communications with customers. Any suitable technology may be used including, for example, HTTPS, secure socket layer (SSL), etc. An additional security feature of thesystem 100 may arise from the dual nature of the inner and outer systems. For example, in order to nefariously generate proxy account data, a hacker would be required to separately hack into bothsystems systems systems -
Different computer systems parties devices 602 are described herein as communicating with one another. It will be appreciated that this communication may take place according to any suitable method. For example, according to various embodiments, some or all of the computer systems or parties described herein may be in communication with one another via a network or networks. The network or networks may operate according to any suitable wired or wireless communication protocol and may utilize any suitable hardware or software. In some embodiments, the network or networks may include, a wide area network (WAN) such as the Internet, a local area network (LAN), etc. - When communications between the
systems parties devices 602 take place over the Internet or other public network, it will be appreciated that these communications may be encrypted. For example, one or more of the systems may utilize an asymmetric or public key infrastructure (PKI) method. According to a PKI system, each system may have a public key that may be used for encrypting messages and a private key that may be used for decryption. The public key may be provided to any systems having need to send data to the first system. The data may be encrypted with the public key such that it may only be decrypted with the private key, which may be kept secret by the receiving system. In this way, all communications between the various systems may be decrypted only by their intended recipients. - According to various embodiments, the
systems system 106 may not share any hardware with thesystem 108. This may increase security as it may make it more difficult for a potential hacker to access the sensitive operations of bothsystem systems systems systems system inner system 106 andouter system 108 may not be present and thesystem 104 may generally perform all of the actions described herein and attributed to either thesystem 106 or thesystem 108. Although this configuration may be less secure, it may be advantageous in some circumstances to avoid the expense and complexity of implementingmultiple systems systems inner system 106 and theouter system 108. Despite this, it will be appreciated that these systems may be placed in any suitable configuration relative to one another, thesystem 104, thevendor 120 and/or thepurchaser 102. - The examples presented herein are intended to illustrate potential and specific implementations of the present invention. It can be appreciated that the examples are intended primarily for purposes of illustration of the invention for those skilled in the art. No particular aspect or aspects of the examples are necessarily intended to limit the scope of the present invention. For example, no particular aspect or aspects of the examples of system architectures, methods or processing structures described herein are necessarily intended to limit the scope of the invention.
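Process flow 500 and the separation of keys between the inner and outer systems described above, as an added Python example (not code from the patent). The patent names no cipher, so `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for a real AEAD such as AES-GCM; the class names, the 8-byte checkable data, and the `max_amount`/`vendor` use restrictions are assumptions.

```python
import hashlib
import hmac
import secrets


def _subkey(key, label):
    # Derive independent encryption and MAC keys from one system key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC (assumed stand-in for the patent's unspecified 'encrypt')."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the blob is truncated or fails the MAC."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class InnerSystem:
    """Holds the serial-number key and the account records (data store 112)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._store = {}  # serial -> use restrictions (hypothetical fields)

    def issue(self, serial, max_amount, vendor=None):
        self._store[serial] = {"max_amount": max_amount, "vendor": vendor}
        return seal(self._key, serial.encode())

    def authorize(self, enc_serial, txn):
        serial = unseal(self._key, enc_serial)              # step 508
        if serial is None:
            return "reject: serial undecryptable"
        rules = self._store.get(serial.decode())            # step 510
        if rules is None:
            return "reject: no valid account"
        if txn["amount"] > rules["max_amount"]:             # step 512
            return "reject: use restriction"
        if rules["vendor"] not in (None, txn["vendor"]):
            return "reject: use restriction"
        return "authorized"


class OuterSystem:
    """Holds the proxy key and the checkable-data associations (database 114)."""

    def __init__(self, inner):
        self._key = secrets.token_bytes(32)
        self._db = {}  # checkable data -> digest of the encrypted serial
        self._inner = inner

    def make_proxy(self, enc_serial):
        checkable = secrets.token_bytes(8)
        self._db[checkable] = hashlib.sha256(enc_serial).digest()
        return seal(self._key, checkable + enc_serial)

    def redeem(self, proxy, txn):
        body = unseal(self._key, proxy)                     # step 504
        if body is None or len(body) < 8:
            return "reject: proxy undecryptable"
        checkable, enc_serial = body[:8], body[8:]
        expected = self._db.get(checkable)                  # step 506
        actual = hashlib.sha256(enc_serial).digest()
        if expected is None or not hmac.compare_digest(expected, actual):
            return "reject: checkable data"
        return self._inner.authorize(enc_serial, txn)       # hand-off to inner system


if __name__ == "__main__":
    inner = InnerSystem()
    outer = OuterSystem(inner)
    # Constructed sample values: serial "SN-0001", amounts in cents.
    proxy = outer.make_proxy(inner.issue("SN-0001", max_amount=5000, vendor="vendor-120"))
    print(outer.redeem(proxy, {"amount": 1200, "vendor": "vendor-120"}))
    print(outer.redeem(proxy, {"amount": 9000, "vendor": "vendor-120"}))
```

Because the serial number is sealed under a key only the inner system holds, a blob produced with the outer key alone is rejected at step 508, and a re-wrapped blob without a stored association is rejected at step 506.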
- It is to be understood that the figures and descriptions of the present invention have been simplified to illustrate elements that are relevant for a clear understanding of the present invention, while eliminating, for purposes of clarity, other elements. Those of ordinary skill in the art will recognize, however, that these sorts of focused descriptions would not facilitate a better understanding of the present invention, and therefore, a more detailed description of such elements is not provided herein.
- In various embodiments, modules or software can be used to practice certain aspects of the invention. For example, software-as-a-service (SaaS) models or application service provider (ASP) models may be employed as software application delivery models to communicate software applications to clients (e.g., the vendor 120) or other users. Such software applications can be downloaded through an Internet connection, for example, and operated either independently (e.g., downloaded to a laptop or desktop computer system) or through a third-party service provider (e.g., accessed through a third-party web site). In addition, cloud computing techniques may be employed in connection with various embodiments of the invention.
- Moreover, the processes associated with the present embodiments may be executed by programmable equipment, such as computers. Software or other sets of instructions may be employed to cause programmable equipment to execute the processes. The processes may be stored in any storage device, such as, for example, a computer system (non-volatile) memory, an optical disk, magnetic tape, or magnetic disk. Furthermore, some of the processes may be programmed when the computer system is manufactured or via a computer-readable memory medium.
- It can also be appreciated that certain process aspects described herein may be performed using instructions stored on a computer-readable memory medium or media that direct a computer or computer system to perform process steps. A computer-readable medium may include, for example, memory devices such as diskettes, compact discs of both read-only and read/write varieties, optical disk drives, and hard disk drives. A computer-readable medium may also include memory storage that may be physical, virtual, permanent, temporary, semi-permanent and/or semi-temporary.
- Any patent, publication, or other disclosure material, in whole or in part, that is said to be incorporated by reference herein is incorporated herein only to the extent that the incorporated material does not conflict with existing definitions, statements, or other disclosure material set forth in this disclosure. As such, and to the extent necessary, the disclosure as explicitly set forth herein supersedes any conflicting material incorporated herein by reference. Any material, or portion thereof, that is said to be incorporated by reference herein, but which conflicts with existing definitions, statements, or other disclosure material set forth herein will only be incorporated to the extent that no conflict arises between that incorporated material and the existing disclosure material.
- A “computer,” “computer device,” “computer system,” “system,” “host,” “engine,” or “processor” may be, for example and without limitation, a processor, microcomputer, minicomputer, server, mainframe, laptop, personal data assistant (PDA), wireless e-mail device, cellular phone, pager, processor, fax machine, scanner, or any other programmable device configured to transmit and/or receive data over a network. Computer systems and computer-based devices disclosed herein may include memory for storing certain software applications used in obtaining, processing, and communicating information. It can be appreciated that such memory may be internal or external with respect to operation of the disclosed embodiments. The memory may also include any means for storing software, including a hard disk, an optical disk, floppy disk, ROM (read only memory), RAM (random access memory), PROM (programmable ROM), EEPROM (electrically erasable PROM) and/or other computer-readable memory media.
- In various embodiments of the present invention, a single component may be replaced by multiple components, and multiple components may be replaced by a single component, to perform a given function or functions. Except where such substitution would not be operative to practice embodiments of the present invention, such substitution is within the scope of the present invention. Any of the servers or computer systems described herein, for example, may be replaced by a “server farm” or other grouping of networked servers (e.g., a group of server blades) that are located and configured for cooperative functions. It can be appreciated that a server farm may serve to distribute workload between/among individual components of the farm and may expedite computing processes by harnessing the collective and cooperative power of multiple servers. Such server farms may employ load-balancing software that accomplishes tasks such as, for example, tracking demand for processing power from different machines, prioritizing and scheduling tasks based on network demand, and/or providing backup contingency in the event of component failure or reduction in operability.
- Various embodiments of the systems and methods described herein may employ one or more electronic computer networks to promote communication among different components, transfer data, or to share resources and information. Such computer networks can be classified according to the hardware and software technology that is used to interconnect the devices in the network, such as optical fiber, Ethernet, wireless LAN, HomePNA, power line communication or G.hn. The computer networks may also be embodied as one or more of the following types of networks: local area network (LAN); metropolitan area network (MAN); wide area network (WAN); virtual private network (VPN); storage area network (SAN); or global area network (GAN), among other network varieties.
- For example, a WAN computer network may cover a broad area by linking communications across metropolitan, regional, or national boundaries. The network may use routers and/or public communication links. One type of data communication network may cover a relatively broad geographic area (e.g., city-to-city or country-to-country) which uses transmission facilities provided by common carriers, such as telephone service providers. In another example, a GAN computer network may support mobile communications across multiple wireless LANs or satellite networks. In another example, a VPN computer network may include links between nodes carried by open connections or virtual circuits in another network (e.g., the Internet) instead of by physical wires. The link-layer protocols of the VPN can be tunneled through the other network. One VPN application can promote secure communications through the Internet. The VPN can also be used to separately and securely conduct the traffic of different user communities over an underlying network. The VPN may provide users with the virtual experience of accessing the network through an IP address location other than the actual IP address which connects the access device to the network.
- Computer networks may include hardware elements to interconnect network nodes, such as network interface cards (NICs) or Ethernet cards, repeaters, bridges, hubs, switches, routers, and other like components. Such elements may be physically wired for communication and/or data connections may be provided with microwave links (e.g., IEEE 802.12) or fiber optics, for example. A network card, network adapter or NIC can be designed to allow computers to communicate over the computer network by providing physical access to a network and an addressing system through the use of MAC addresses, for example. A repeater can be embodied as an electronic device that receives and retransmits a communicated signal at a boosted power level to allow the signal to cover a telecommunication distance with reduced degradation. A network bridge can be configured to connect multiple network segments at the data link layer of a computer network while learning which addresses can be reached through which specific ports of the network. In the network, the bridge may associate a port with an address and then send traffic for that address only to that port. In various embodiments, local bridges may be employed to directly connect local area networks (LANs); remote bridges can be used to create a wide area network (WAN) link between LANs; and/or, wireless bridges can be used to connect LANs and/or to connect remote stations to LANs.
- In various embodiments, a hub may be employed which contains multiple ports. For example, when a data packet arrives at one port of a hub, the packet can be copied unmodified to all ports of the hub for transmission. A network switch or other devices that forward and filter OSI layer 2 datagrams between ports based on MAC addresses in data packets can also be used. A switch can possess multiple ports, such that most of the network is connected directly to the switch, or another switch that is in turn connected to a switch. The term “switch” can also include routers and bridges, as well as other devices that distribute data traffic by application content (e.g., a Web URL identifier). Switches may operate at one or more OSI model layers, including physical, data link, network, or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers can be considered a multilayer switch. In certain embodiments, routers or other like networking devices may be used to forward data packets between networks using headers and forwarding tables to determine an optimum path through which to transmit the packets.
- As employed herein, an application server may be a server that hosts an API to expose business logic and business processes for use by other applications. Examples of application servers include J2EE or Java EE 5 application servers including WebSphere Application Server. Other examples include WebSphere Application Server Community Edition (IBM), Sybase Enterprise Application Server (Sybase Inc), WebLogic Server (BEA), JBoss (Red Hat), JRun (Adobe Systems), Apache Geronimo (Apache Software Foundation), Oracle OC4J (Oracle Corporation), Sun Java System Application Server (Sun Microsystems), and SAP Netweaver AS (ABAP/Java). Also, application servers may be provided in accordance with the .NET framework, including the Windows Communication Foundation, .NET Remoting, ADO.NET, and ASP.NET among several other components. For example, a Java Server Page (JSP) is a servlet that executes in a web container which is functionally equivalent to CGI scripts. JSPs can be used to create HTML pages by embedding references to the server logic within the page. The application servers may mainly serve web-based applications, while other servers can perform as session initiation protocol servers, for instance, or work with telephony networks. Specifications for enterprise application integration and service-oriented architecture can be designed to connect many different computer network elements. Such specifications include Business Application Programming Interface, Web Services Interoperability, and Java EE Connector Architecture.
- While various embodiments of the invention have been described herein, it should be apparent, however, that various modifications, alterations and adaptations to those embodiments may occur to persons skilled in the art with the attainment of some or all of the advantages of the present invention. The disclosed embodiments are therefore intended to include all such modifications, alterations and adaptations without departing from the scope and spirit of the present invention as set forth in the appended claims.
Claims (17)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/272,223 US20140244515A1 (en) | 2010-12-16 | 2014-05-07 | Systems and methods for facilitating secure access |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/970,414 US8762284B2 (en) | 2010-12-16 | 2010-12-16 | Systems and methods for facilitating secure transactions |
US14/272,223 US20140244515A1 (en) | 2010-12-16 | 2014-05-07 | Systems and methods for facilitating secure access |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/970,414 Continuation US8762284B2 (en) | 2010-12-16 | 2010-12-16 | Systems and methods for facilitating secure transactions |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140244515A1 (en) | 2014-08-28 |
Family
ID=46235658
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/970,414 Expired - Fee Related US8762284B2 (en) | 2010-12-16 | 2010-12-16 | Systems and methods for facilitating secure transactions |
US14/272,223 Abandoned US20140244515A1 (en) | 2010-12-16 | 2014-05-07 | Systems and methods for facilitating secure access |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/970,414 Expired - Fee Related US8762284B2 (en) | 2010-12-16 | 2010-12-16 | Systems and methods for facilitating secure transactions |
Country Status (4)
Country | Link |
---|---|
US (2) | US8762284B2 (en) |
EP (1) | EP2652696A4 (en) |
JP (1) | JP5857067B2 (en) |
WO (1) | WO2012082905A1 (en) |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017011596A1 (en) * | 2015-07-13 | 2017-01-19 | Clearxchange, Llc | Systems and methods for facilitating a secure transaction at a non-financial institution system |
US9626664B2 (en) | 2012-03-07 | 2017-04-18 | Clearxchange, Llc | System and method for transferring funds |
US10318936B2 (en) | 2012-03-07 | 2019-06-11 | Early Warning Services, Llc | System and method for transferring funds |
US10395223B2 (en) | 2012-03-07 | 2019-08-27 | Early Warning Services, Llc | System and method for transferring funds |
US10395247B2 (en) | 2012-03-07 | 2019-08-27 | Early Warning Services, Llc | Systems and methods for facilitating a secure transaction at a non-financial institution system |
US10438175B2 (en) | 2015-07-21 | 2019-10-08 | Early Warning Services, Llc | Secure real-time payment transactions |
US10748127B2 (en) | 2015-03-23 | 2020-08-18 | Early Warning Services, Llc | Payment real-time funds availability |
US10769606B2 (en) | 2015-03-23 | 2020-09-08 | Early Warning Services, Llc | Payment real-time funds availability |
US10832246B2 (en) | 2015-03-23 | 2020-11-10 | Early Warning Services, Llc | Payment real-time funds availability |
US10839359B2 (en) | 2015-03-23 | 2020-11-17 | Early Warning Services, Llc | Payment real-time funds availability |
US10846662B2 (en) | 2015-03-23 | 2020-11-24 | Early Warning Services, Llc | Real-time determination of funds availability for checks and ACH items |
US10956888B2 (en) | 2015-07-21 | 2021-03-23 | Early Warning Services, Llc | Secure real-time transactions |
US10963856B2 (en) | 2015-07-21 | 2021-03-30 | Early Warning Services, Llc | Secure real-time transactions |
US10970688B2 (en) | 2012-03-07 | 2021-04-06 | Early Warning Services, Llc | System and method for transferring funds |
US10970695B2 (en) | 2015-07-21 | 2021-04-06 | Early Warning Services, Llc | Secure real-time transactions |
US20210173949A1 (en) * | 2019-12-10 | 2021-06-10 | Winkk, Inc | Method and apparatus using personal computing device as a secure identification |
US11037121B2 (en) | 2015-07-21 | 2021-06-15 | Early Warning Services, Llc | Secure real-time transactions |
US11037122B2 (en) | 2015-07-21 | 2021-06-15 | Early Warning Services, Llc | Secure real-time transactions |
US11062290B2 (en) | 2015-07-21 | 2021-07-13 | Early Warning Services, Llc | Secure real-time transactions |
US11144928B2 (en) | 2016-09-19 | 2021-10-12 | Early Warning Services, Llc | Authentication and fraud prevention in provisioning a mobile wallet |
US11151522B2 (en) | 2015-07-21 | 2021-10-19 | Early Warning Services, Llc | Secure transactions with offline device |
US11151523B2 (en) | 2015-07-21 | 2021-10-19 | Early Warning Services, Llc | Secure transactions with offline device |
US11157884B2 (en) | 2015-07-21 | 2021-10-26 | Early Warning Services, Llc | Secure transactions with offline device |
US11386410B2 (en) | 2015-07-21 | 2022-07-12 | Early Warning Services, Llc | Secure transactions with offline device |
US11593800B2 (en) | 2012-03-07 | 2023-02-28 | Early Warning Services, Llc | System and method for transferring funds |
US11824999B2 (en) | 2021-08-13 | 2023-11-21 | Winkk, Inc. | Chosen-plaintext secure cryptosystem and authentication |
US11843943B2 (en) | 2021-06-04 | 2023-12-12 | Winkk, Inc. | Dynamic key exchange for moving target |
US11902777B2 (en) | 2019-12-10 | 2024-02-13 | Winkk, Inc. | Method and apparatus for encryption key exchange with enhanced security through opti-encryption channel |
US11928194B2 (en) | 2019-12-10 | 2024-03-12 | Wiinkk, Inc. | Automated transparent login without saved credentials or passwords |
US11928193B2 (en) | 2019-12-10 | 2024-03-12 | Winkk, Inc. | Multi-factor authentication using behavior and machine learning |
US11934514B2 (en) | 2019-12-10 | 2024-03-19 | Winkk, Inc. | Automated ID proofing using a random multitude of real-time behavioral biometric samplings |
US11936787B2 (en) | 2019-12-10 | 2024-03-19 | Winkk, Inc. | User identification proofing using a combination of user responses to system turing tests using biometric methods |
Families Citing this family (134)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140019352A1 (en) | 2011-02-22 | 2014-01-16 | Visa International Service Association | Multi-purpose virtual card transaction apparatuses, methods and systems |
US20060064378A1 (en) * | 2004-09-21 | 2006-03-23 | Jeff Clementz | Method and apparatus for maintaining linked accounts |
US8762263B2 (en) | 2005-09-06 | 2014-06-24 | Visa U.S.A. Inc. | System and method for secured account numbers in proximity devices |
US7945512B2 (en) | 2007-03-14 | 2011-05-17 | Ebay Inc. | Spending and savings secondary linked accounts |
US20080228638A1 (en) * | 2007-03-14 | 2008-09-18 | Ebay Inc. | Method and system of controlling linked accounts |
US8121956B2 (en) | 2007-06-25 | 2012-02-21 | Visa U.S.A. Inc. | Cardless challenge systems and methods |
US7739169B2 (en) | 2007-06-25 | 2010-06-15 | Visa U.S.A. Inc. | Restricting access to compromised account information |
US7937324B2 (en) | 2007-09-13 | 2011-05-03 | Visa U.S.A. Inc. | Account permanence |
US8219489B2 (en) | 2008-07-29 | 2012-07-10 | Visa U.S.A. Inc. | Transaction processing using a global unique identifier |
WO2010053899A2 (en) | 2008-11-06 | 2010-05-14 | Visa International Service Association | Online challenge-response |
US9715681B2 (en) | 2009-04-28 | 2017-07-25 | Visa International Service Association | Verification of portable consumer devices |
US9038886B2 (en) | 2009-05-15 | 2015-05-26 | Visa International Service Association | Verification of portable consumer devices |
US7891560B2 (en) | 2009-05-15 | 2011-02-22 | Visa International Service Assocation | Verification of portable consumer devices |
US8602293B2 (en) | 2009-05-15 | 2013-12-10 | Visa International Service Association | Integration of verification tokens with portable computing devices |
US10846683B2 (en) | 2009-05-15 | 2020-11-24 | Visa International Service Association | Integration of verification tokens with mobile communication devices |
US8534564B2 (en) | 2009-05-15 | 2013-09-17 | Ayman Hammad | Integration of verification tokens with mobile communication devices |
US8893967B2 (en) | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
US9105027B2 (en) | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US10140598B2 (en) | 2009-05-20 | 2018-11-27 | Visa International Service Association | Device including encrypted data for expiration date and verification value creation |
US10255591B2 (en) | 2009-12-18 | 2019-04-09 | Visa International Service Association | Payment channel returning limited use proxy dynamic value |
CN102713922B (en) | 2010-01-12 | 2015-11-25 | 维萨国际服务协会 | For the method whenever confirmed to checking token |
US9424413B2 (en) | 2010-02-24 | 2016-08-23 | Visa International Service Association | Integration of payment capability into secure elements of computers |
US10255601B2 (en) | 2010-02-25 | 2019-04-09 | Visa International Service Association | Multifactor authentication using a directory server |
US9245267B2 (en) | 2010-03-03 | 2016-01-26 | Visa International Service Association | Portable account number for consumer payment account |
US9342832B2 (en) | 2010-08-12 | 2016-05-17 | Visa International Service Association | Securing external systems with account token substitution |
US9536366B2 (en) | 2010-08-31 | 2017-01-03 | Democracyontheweb, Llc | Systems and methods for voting |
CN109118199A (en) | 2011-02-16 | 2019-01-01 | 维萨国际服务协会 | Snap mobile payment device, method and system |
US10586227B2 (en) | 2011-02-16 | 2020-03-10 | Visa International Service Association | Snap mobile payment apparatuses, methods and systems |
SG193510A1 (en) | 2011-02-22 | 2013-10-30 | Visa Int Service Ass | Universal electronic payment apparatuses, methods and systems |
US20120259768A1 (en) * | 2011-04-05 | 2012-10-11 | Ebay Inc. | System and method for providing proxy accounts |
WO2012142045A2 (en) | 2011-04-11 | 2012-10-18 | Visa International Service Association | Multiple tokenization for authentication |
US9582598B2 (en) | 2011-07-05 | 2017-02-28 | Visa International Service Association | Hybrid applications utilizing distributed models and views apparatuses, methods and systems |
US9355393B2 (en) | 2011-08-18 | 2016-05-31 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
WO2013006725A2 (en) | 2011-07-05 | 2013-01-10 | Visa International Service Association | Electronic wallet checkout platform apparatuses, methods and systems |
WO2013019567A2 (en) | 2011-07-29 | 2013-02-07 | Visa International Service Association | Passing payment tokens through an hop/sop |
US10825001B2 (en) | 2011-08-18 | 2020-11-03 | Visa International Service Association | Multi-directional wallet connector apparatuses, methods and systems |
US10242358B2 (en) | 2011-08-18 | 2019-03-26 | Visa International Service Association | Remote decoupled application persistent state apparatuses, methods and systems |
US9710807B2 (en) | 2011-08-18 | 2017-07-18 | Visa International Service Association | Third-party value added wallet features and interfaces apparatuses, methods and systems |
US9165294B2 (en) | 2011-08-24 | 2015-10-20 | Visa International Service Association | Method for using barcodes and mobile devices to conduct payment transactions |
US10223730B2 (en) | 2011-09-23 | 2019-03-05 | Visa International Service Association | E-wallet store injection search apparatuses, methods and systems |
US10223710B2 (en) | 2013-01-04 | 2019-03-05 | Visa International Service Association | Wearable intelligent vision device apparatuses, methods and systems |
RU2631983C2 (en) | 2012-01-05 | 2017-09-29 | Виза Интернэшнл Сервис Ассосиэйшн | Data protection with translation |
WO2013113004A1 (en) | 2012-01-26 | 2013-08-01 | Visa International Service Association | System and method of providing tokenization as a service |
AU2013214801B2 (en) | 2012-02-02 | 2018-06-21 | Visa International Service Association | Multi-source, multi-dimensional, cross-entity, multimedia database platform apparatuses, methods and systems |
US10282724B2 (en) | 2012-03-06 | 2019-05-07 | Visa International Service Association | Security system incorporating mobile device |
WO2013166501A1 (en) | 2012-05-04 | 2013-11-07 | Visa International Service Association | System and method for local data conversion |
US9524501B2 (en) | 2012-06-06 | 2016-12-20 | Visa International Service Association | Method and system for correlating diverse transaction data |
US9547769B2 (en) | 2012-07-03 | 2017-01-17 | Visa International Service Association | Data protection hub |
US9846861B2 (en) | 2012-07-25 | 2017-12-19 | Visa International Service Association | Upstream and downstream data conversion |
US9256871B2 (en) | 2012-07-26 | 2016-02-09 | Visa U.S.A. Inc. | Configurable payment tokens |
US9665722B2 (en) | 2012-08-10 | 2017-05-30 | Visa International Service Association | Privacy firewall |
US20140058945A1 (en) * | 2012-08-22 | 2014-02-27 | Mcafee, Inc. | Anonymous payment brokering |
US9268933B2 (en) | 2012-08-22 | 2016-02-23 | Mcafee, Inc. | Privacy broker |
US9262623B2 (en) | 2012-08-22 | 2016-02-16 | Mcafee, Inc. | Anonymous shipment brokering |
WO2014043278A1 (en) | 2012-09-11 | 2014-03-20 | Visa International Service Association | Cloud-based virtual wallet nfc apparatuses, methods and systems |
KR101451214B1 (en) * | 2012-09-14 | 2014-10-15 | 주식회사 엘지씨엔에스 | Payment method, server performing the same, storage media storing the same and system performing the same |
US10176478B2 (en) | 2012-10-23 | 2019-01-08 | Visa International Service Association | Transaction initiation determination system utilizing transaction data elements |
KR20140060849A (en) * | 2012-11-12 | 2014-05-21 | 주식회사 케이티 | System and method for card payment |
US9911118B2 (en) | 2012-11-21 | 2018-03-06 | Visa International Service Association | Device pairing via trusted intermediary |
US10304047B2 (en) | 2012-12-07 | 2019-05-28 | Visa International Service Association | Token generating component |
US9445262B2 (en) * | 2012-12-10 | 2016-09-13 | Lg Uplus Corp. | Authentication server, mobile terminal and method for issuing radio frequency card key using authentication server and mobile terminal |
US10740731B2 (en) | 2013-01-02 | 2020-08-11 | Visa International Service Association | Third party settlement |
US9741051B2 (en) | 2013-01-02 | 2017-08-22 | Visa International Service Association | Tokenization and third-party interaction |
US11055710B2 (en) | 2013-05-02 | 2021-07-06 | Visa International Service Association | Systems and methods for verifying and processing transactions using virtual currency |
SG11201509386UA (en) | 2013-05-15 | 2015-12-30 | Visa Int Service Ass | Mobile tokenization hub |
US10373166B2 (en) * | 2013-05-24 | 2019-08-06 | Marc George | System for managing personal identifiers and financial instrument use |
US10878422B2 (en) | 2013-06-17 | 2020-12-29 | Visa International Service Association | System and method using merchant token |
CN113469670B (en) | 2013-07-24 | 2024-04-05 | 维萨国际服务协会 | System and method for ensuring data transfer risk using tokens |
AU2014294613B2 (en) | 2013-07-26 | 2017-03-16 | Visa International Service Association | Provisioning payment credentials to a consumer |
SG11201600909QA (en) | 2013-08-08 | 2016-03-30 | Visa Int Service Ass | Methods and systems for provisioning mobile devices with payment credentials |
US10496986B2 (en) | 2013-08-08 | 2019-12-03 | Visa International Service Association | Multi-network tokenization processing |
US9978094B2 (en) | 2013-10-11 | 2018-05-22 | Visa International Service Association | Tokenization revocation list |
EP3937108A1 (en) | 2013-10-11 | 2022-01-12 | Visa International Service Association | Network token system |
US10515358B2 (en) | 2013-10-18 | 2019-12-24 | Visa International Service Association | Contextual transaction token methods and systems |
US10489779B2 (en) | 2013-10-21 | 2019-11-26 | Visa International Service Association | Multi-network token bin routing with defined verification parameters |
US10366387B2 (en) | 2013-10-29 | 2019-07-30 | Visa International Service Association | Digital wallet system and method |
SG10201900029SA (en) | 2013-11-19 | 2019-02-27 | Visa Int Service Ass | Automated account provisioning |
AU2014368949A1 (en) | 2013-12-19 | 2016-06-09 | Visa International Service Association | Cloud-based transactions methods and systems |
US9922322B2 (en) | 2013-12-19 | 2018-03-20 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US10433128B2 (en) | 2014-01-07 | 2019-10-01 | Visa International Service Association | Methods and systems for provisioning multiple devices |
US9846878B2 (en) | 2014-01-14 | 2017-12-19 | Visa International Service Association | Payment account identifier system |
US10026087B2 (en) | 2014-04-08 | 2018-07-17 | Visa International Service Association | Data passed in an interaction |
US9942043B2 (en) | 2014-04-23 | 2018-04-10 | Visa International Service Association | Token security on a communication device |
CA2946150A1 (en) | 2014-05-01 | 2015-11-05 | Visa International Service Association | Data verification using access device |
EP3140798A4 (en) | 2014-05-05 | 2017-12-20 | Visa International Service Association | System and method for token domain control |
CN106465112A (en) | 2014-05-21 | 2017-02-22 | 维萨国际服务协会 | Offline authentication |
US11023890B2 (en) | 2014-06-05 | 2021-06-01 | Visa International Service Association | Identification and verification for provisioning mobile application |
US9780953B2 (en) | 2014-07-23 | 2017-10-03 | Visa International Service Association | Systems and methods for secure detokenization |
US10484345B2 (en) | 2014-07-31 | 2019-11-19 | Visa International Service Association | System and method for identity verification across mobile applications |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US10140615B2 (en) | 2014-09-22 | 2018-11-27 | Visa International Service Association | Secure mobile device credential provisioning using risk decision non-overrides |
ES2732564T3 (en) | 2014-09-26 | 2019-11-25 | Visa Int Service Ass | Remote server encrypted data provisioning system and procedures |
US11257074B2 (en) | 2014-09-29 | 2022-02-22 | Visa International Service Association | Transaction risk based token |
US10015147B2 (en) | 2014-10-22 | 2018-07-03 | Visa International Service Association | Token enrollment system and method |
GB201419016D0 (en) | 2014-10-24 | 2014-12-10 | Visa Europe Ltd | Transaction Messaging |
US10325261B2 (en) | 2014-11-25 | 2019-06-18 | Visa International Service Association | Systems communications with non-sensitive identifiers |
US11620643B2 (en) | 2014-11-26 | 2023-04-04 | Visa International Service Association | Tokenization request via access device |
AU2015361023B2 (en) | 2014-12-12 | 2019-08-29 | Visa International Service Association | Provisioning platform for machine-to-machine devices |
US10257185B2 (en) | 2014-12-12 | 2019-04-09 | Visa International Service Association | Automated access data provisioning |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10096009B2 (en) | 2015-01-20 | 2018-10-09 | Visa International Service Association | Secure payment processing using authorization request |
US11250391B2 (en) | 2015-01-30 | 2022-02-15 | Visa International Service Association | Token check offline |
WO2016126729A1 (en) | 2015-02-03 | 2016-08-11 | Visa International Service Association | Validation identity tokens for transactions |
US10977657B2 (en) | 2015-02-09 | 2021-04-13 | Visa International Service Association | Token processing utilizing multiple authorizations |
US10164996B2 (en) | 2015-03-12 | 2018-12-25 | Visa International Service Association | Methods and systems for providing a low value token buffer |
EP3281164B1 (en) | 2015-04-10 | 2019-06-05 | Visa International Service Association | Browser integration with cryptogram |
US9998978B2 (en) | 2015-04-16 | 2018-06-12 | Visa International Service Association | Systems and methods for processing dormant virtual access devices |
US10552834B2 (en) | 2015-04-30 | 2020-02-04 | Visa International Service Association | Tokenization capable authentication framework |
CN114529300A (en) | 2015-10-15 | 2022-05-24 | 维萨国际服务协会 | Instant token issuing system |
CN106817390B (en) | 2015-12-01 | 2020-04-24 | 阿里巴巴集团控股有限公司 | User data sharing method and device |
CN108370319B (en) | 2015-12-04 | 2021-08-17 | 维萨国际服务协会 | Method and computer for token verification |
CA3009659C (en) | 2016-01-07 | 2022-12-13 | Visa International Service Association | Systems and methods for device push provisioning |
EP3411846A4 (en) | 2016-02-01 | 2018-12-12 | Visa International Service Association | Systems and methods for code display and use |
US11501288B2 (en) | 2016-02-09 | 2022-11-15 | Visa International Service Association | Resource provider account token provisioning and processing |
US10313321B2 (en) | 2016-04-07 | 2019-06-04 | Visa International Service Association | Tokenization of co-network accounts |
AU2016403734B2 (en) | 2016-04-19 | 2022-11-17 | Visa International Service Association | Systems and methods for performing push transactions |
US11250424B2 (en) | 2016-05-19 | 2022-02-15 | Visa International Service Association | Systems and methods for creating subtokens using primary tokens |
EP3466017B1 (en) | 2016-06-03 | 2021-05-19 | Visa International Service Association | Subtoken management system for connected devices |
US11068899B2 (en) | 2016-06-17 | 2021-07-20 | Visa International Service Association | Token aggregation for multi-party transactions |
AU2017281938A1 (en) | 2016-06-24 | 2018-10-25 | Visa International Service Association | Unique token authentication cryptogram |
AU2017295842A1 (en) | 2016-07-11 | 2018-11-01 | Visa International Service Association | Encryption key exchange process using access device |
CN109478287B (en) | 2016-07-19 | 2023-08-15 | 维萨国际服务协会 | Method for distributing tokens and managing token relationships |
US10509779B2 (en) | 2016-09-14 | 2019-12-17 | Visa International Service Association | Self-cleaning token vault |
CN117009946A (en) | 2016-11-28 | 2023-11-07 | 维萨国际服务协会 | Access identifier supplied to application program |
US10915899B2 (en) | 2017-03-17 | 2021-02-09 | Visa International Service Association | Replacing token on a multi-token user device |
US10902418B2 (en) | 2017-05-02 | 2021-01-26 | Visa International Service Association | System and method using interaction token |
US11494765B2 (en) | 2017-05-11 | 2022-11-08 | Visa International Service Association | Secure remote transaction system using mobile devices |
US10491389B2 (en) | 2017-07-14 | 2019-11-26 | Visa International Service Association | Token provisioning utilizing a secure authentication system |
SG11202008451RA (en) | 2018-03-07 | 2020-09-29 | Visa Int Service Ass | Secure remote token release with online authentication |
US11256789B2 (en) | 2018-06-18 | 2022-02-22 | Visa International Service Association | Recurring token transactions |
CN112740207A (en) | 2018-08-22 | 2021-04-30 | 维萨国际服务协会 | Method and system for token provisioning and processing |
US10700955B2 (en) | 2018-09-14 | 2020-06-30 | The Nielsen Company (Us), Llc | Methods apparatus and medium to exclude network communication traffic from media monitoring records |
EP3881258A4 (en) | 2018-11-14 | 2022-01-12 | Visa International Service Association | Cloud token provisioning of multiple tokens |
WO2020236135A1 (en) | 2019-05-17 | 2020-11-26 | Visa International Service Association | Virtual access credential interaction system and method |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5771291A (en) * | 1995-12-11 | 1998-06-23 | Newton; Farrell | User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6163771A (en) * | 1997-08-28 | 2000-12-19 | Walker Digital, Llc | Method and device for generating a single-use financial account number |
US20020046092A1 (en) * | 2000-02-11 | 2002-04-18 | Maurice Ostroff | Method for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites |
US20020069177A1 (en) * | 2000-12-01 | 2002-06-06 | Carrott Richard F. | Method and apparatus to provide secure purchase transactions over a computer network |
US20020170959A1 (en) * | 2001-05-15 | 2002-11-21 | Masih Madani | Universal authorization card system and method for using same |
US6598031B1 (en) * | 2000-07-31 | 2003-07-22 | Edi Secure Lllp | Apparatus and method for routing encrypted transaction card identifying data through a public telephone network |
US6658568B1 (en) * | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US7136835B1 (en) * | 1998-03-25 | 2006-11-14 | Orbis Patents Ltd. | Credit card system and method |
US7433845B1 (en) * | 1999-04-13 | 2008-10-07 | Orbis Patents Limited | Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions |
US7805376B2 (en) * | 2002-06-14 | 2010-09-28 | American Express Travel Related Services Company, Inc. | Methods and apparatus for facilitating a transaction |
US20120039469A1 (en) * | 2006-10-17 | 2012-02-16 | Clay Von Mueller | System and method for variable length encryption |
US9672515B2 (en) * | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
Family Cites Families (71)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7631193B1 (en) | 1994-11-28 | 2009-12-08 | Yt Acquisition Corporation | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
EP1643340B1 (en) | 1995-02-13 | 2013-08-14 | Intertrust Technologies Corp. | Secure transaction management |
WO1998003927A2 (en) * | 1996-07-22 | 1998-01-29 | Cyva Research Corp | Personal information security and exchange tool |
US7346586B1 (en) * | 1997-07-15 | 2008-03-18 | Silverbrook Research Pty Ltd | Validation protocol and system |
JPH1139401A (en) * | 1997-07-16 | 1999-02-12 | Nippon Shinpan Kk | Credit card system and method for using credit card through network |
US5883810A (en) * | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
US6081793A (en) | 1997-12-30 | 2000-06-27 | International Business Machines Corporation | Method and system for secure computer moderated voting |
US6327578B1 (en) * | 1998-12-29 | 2001-12-04 | International Business Machines Corporation | Four-party credit/debit payment protocol |
US8073772B2 (en) | 1999-11-05 | 2011-12-06 | American Express Travel Related Services Company, Inc. | Systems and methods for processing transactions using multiple budgets |
US7120692B2 (en) | 1999-12-02 | 2006-10-10 | Senvid, Inc. | Access and control system for network-enabled devices |
WO2001042965A1 (en) * | 1999-12-10 | 2001-06-14 | Auripay, Inc. | Method and apparatus for improved financial instrument processing |
US7640181B2 (en) | 2000-02-17 | 2009-12-29 | Hart Intercivic, Inc. | Distributed network voting system |
AU2001239945A1 (en) * | 2000-02-29 | 2001-09-12 | E-Scoring, Inc. | Systems and methods enabling anonymous credit transactions |
AU781671B2 (en) * | 2000-06-21 | 2005-06-02 | Mastercard International Incorporated | An improved method and system for conducting secure payments over a computer network |
US7890433B2 (en) * | 2000-06-30 | 2011-02-15 | Tara Chand Singhal | Private and secure payment system |
JP2002024716A (en) * | 2000-07-03 | 2002-01-25 | Juki Corp | Method and system for payment |
US6938019B1 (en) * | 2000-08-29 | 2005-08-30 | Uzo Chijioke Chukwuemeka | Method and apparatus for making secure electronic payments |
US20030069857A1 (en) * | 2000-10-23 | 2003-04-10 | Junda Laurence E. | Proxy system for customer confidentiality |
AU2001264377A1 (en) * | 2000-10-31 | 2002-05-15 | Woori Technology Inc. | Electronic commerce system and method |
US7996288B1 (en) * | 2000-11-15 | 2011-08-09 | Iprivacy, Llc | Method and system for processing recurrent consumer transactions |
US7461787B2 (en) | 2000-11-20 | 2008-12-09 | Avante International Technology, Inc. | Electronic voting apparatus, system and method |
CA2469146A1 (en) | 2000-11-20 | 2002-09-12 | Amerasia International Technology, Inc. | Electronic voting apparatus, system and method |
US6931382B2 (en) | 2001-01-24 | 2005-08-16 | Cdck Corporation | Payment instrument authorization technique |
US7729991B2 (en) | 2001-03-20 | 2010-06-01 | Booz-Allen & Hamilton Inc. | Method and system for electronic voter registration and electronic voting over a network |
US7017190B2 (en) | 2001-03-21 | 2006-03-21 | Weber Warren D | Portable recordable media anti-theft system |
US7225156B2 (en) | 2001-07-11 | 2007-05-29 | Fisher Douglas C | Persistent dynamic payment service |
US7197167B2 (en) | 2001-08-02 | 2007-03-27 | Avante International Technology, Inc. | Registration apparatus and method, as for voting |
US7635087B1 (en) | 2001-10-01 | 2009-12-22 | Avante International Technology, Inc. | Method for processing a machine readable ballot and ballot therefor |
JP3935879B2 (en) | 2001-11-06 | 2007-06-27 | インターナショナル・ビジネス・マシーンズ・コーポレーション | System for data supply |
AU2002337945A1 (en) | 2001-12-31 | 2003-07-30 | Voting Technologies International, Llc | Computerized electronic voting system |
US7003493B2 (en) * | 2003-01-22 | 2006-02-21 | First Data Corporation | Direct payment with token |
US20050044413A1 (en) | 2003-02-05 | 2005-02-24 | Accenture Global Services Gmbh | Secure electronic registration and voting solution |
US7162640B2 (en) | 2003-03-11 | 2007-01-09 | Microsoft Corporation | System and method for protecting identity information |
US20050132194A1 (en) * | 2003-12-12 | 2005-06-16 | Ward Jean R. | Protection of identification documents using open cryptography |
JP3890398B2 (en) | 2004-02-19 | 2007-03-07 | 海 西田 | Verification and construction of highly secure anonymous communication path in peer-to-peer anonymous proxy |
US20050246528A1 (en) | 2004-04-30 | 2005-11-03 | Powers John S | Method for reliable authentication of electronic transactions |
CN1977508A (en) | 2004-06-28 | 2007-06-06 | 吉纳阿克蒂斯有限责任公司 | Transmission of anonymous information through a communication network |
US7055742B2 (en) | 2004-06-29 | 2006-06-06 | Microsoft Corporation | Method for secure on-line voting |
US7490768B2 (en) | 2004-07-05 | 2009-02-17 | International Business Machines Corporation | Election system enabling coercion-free remote voting |
US20090144135A1 (en) | 2004-07-27 | 2009-06-04 | Andreu Riera Jorba | Methods for the management and protection of electoral processes, which are associated with an electronic voting terminal, and operative module used |
US7613919B2 (en) | 2004-10-12 | 2009-11-03 | Bagley Brian B | Single-use password authentication |
US7458512B2 (en) | 2005-02-01 | 2008-12-02 | Ip.Com, Inc. | Computer-based method and apparatus for verifying an electronic voting process |
US7657456B2 (en) | 2005-03-18 | 2010-02-02 | Pitney Bowes Inc. | Method and system for electronic voting using identity based encryption |
JP2007036364A (en) | 2005-07-22 | 2007-02-08 | Nec Corp | Time device, encrypting device, decrypting device, and encrypting/decrypting system |
EP1748615A1 (en) | 2005-07-27 | 2007-01-31 | Sun Microsystems France S.A. | Method and system for providing public key encryption security in insecure networks |
US20070050303A1 (en) * | 2005-08-24 | 2007-03-01 | Schroeder Dale W | Biometric identification device |
US7395964B2 (en) | 2005-09-06 | 2008-07-08 | International Business Machines Corporation | Secure voting system |
WO2007064884A2 (en) | 2005-12-01 | 2007-06-07 | Shahriar Sarkeshik | Commercial transaction facilitation system |
CA2531533C (en) | 2005-12-28 | 2013-08-06 | Bce Inc. | Session-based public key infrastructure |
US7597258B2 (en) | 2006-04-21 | 2009-10-06 | Cccomplete, Inc. | Confidential electronic election system |
US8769275B2 (en) | 2006-10-17 | 2014-07-01 | Verifone, Inc. | Batch settlement transactions system and method |
US8061589B2 (en) | 2006-10-20 | 2011-11-22 | Barry Cohen | Electronic voting system |
US20080179399A1 (en) | 2007-01-15 | 2008-07-31 | Verify First Technologies, Inc. | Method of confirming electoral vote |
US8850473B2 (en) | 2007-02-01 | 2014-09-30 | Invidi Technologies Corporation | Targeting content based on location |
US20080201206A1 (en) | 2007-02-01 | 2008-08-21 | 7 Billion People, Inc. | Use of behavioral portraits in the conduct of E-commerce |
US20080222417A1 (en) | 2007-03-06 | 2008-09-11 | James Downes | Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation |
US20080283598A1 (en) | 2007-05-18 | 2008-11-20 | Mohamad Reza Ghafarzadeh | Election - Voting System |
US7739169B2 (en) * | 2007-06-25 | 2010-06-15 | Visa U.S.A. Inc. | Restricting access to compromised account information |
US20090006860A1 (en) | 2007-06-26 | 2009-01-01 | John Gordon Ross | Generating multiple seals for electronic data |
US7637429B2 (en) | 2007-08-03 | 2009-12-29 | Pitney Bowes Inc. | Electronic voting system and associated method |
US20090072032A1 (en) | 2007-09-13 | 2009-03-19 | Cardone Richard J | Method for electronic voting using a trusted computing platform |
US20090106092A1 (en) | 2007-10-09 | 2009-04-23 | Election Technology Services, Llc. | Electronic voting system and method of voting |
US8549279B1 (en) * | 2007-10-23 | 2013-10-01 | United Parcel Service Of America, Inc. | Encryption and tokenization architectures |
US8381977B2 (en) | 2007-11-09 | 2013-02-26 | International Business Machines Corporation | Voting system and ballot paper |
US8578176B2 (en) * | 2008-03-26 | 2013-11-05 | Protegrity Corporation | Method and apparatus for tokenization of sensitive sets of characters |
US8584251B2 (en) * | 2009-04-07 | 2013-11-12 | Princeton Payment Solutions | Token-based payment processing system |
US20110066497A1 (en) | 2009-09-14 | 2011-03-17 | Choicestream, Inc. | Personalized advertising and recommendation |
US8788429B2 (en) * | 2009-12-30 | 2014-07-22 | First Data Corporation | Secure transaction management |
US8380177B2 (en) * | 2010-04-09 | 2013-02-19 | Paydiant, Inc. | Mobile phone payment processing methods and systems |
US9342832B2 (en) * | 2010-08-12 | 2016-05-17 | Visa International Service Association | Securing external systems with account token substitution |
US10032163B2 (en) * | 2010-12-02 | 2018-07-24 | B & H Worldwide, Llc | Processing a financial transaction using single-use financial account card number via portable communication device |

2010
- 2010-12-16: US12/970,414 (US8762284B2), not active: Expired - Fee Related

2011
- 2011-12-14: JP2013544744A (JP5857067B2), not active: Expired - Fee Related
- 2011-12-14: PCT/US2011/064923 (WO2012082905A1), active: Application Filing
- 2011-12-14: EP20110848973 (EP2652696A4), not active: Withdrawn

2014
- 2014-05-07: US14/272,223 (US20140244515A1), not active: Abandoned

Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6658568B1 (en) * | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US5771291A (en) * | 1995-12-11 | 1998-06-23 | Newton; Farrell | User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6163771A (en) * | 1997-08-28 | 2000-12-19 | Walker Digital, Llc | Method and device for generating a single-use financial account number |
US7136835B1 (en) * | 1998-03-25 | 2006-11-14 | Orbis Patents Ltd. | Credit card system and method |
US7433845B1 (en) * | 1999-04-13 | 2008-10-07 | Orbis Patents Limited | Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions |
US20020046092A1 (en) * | 2000-02-11 | 2002-04-18 | Maurice Ostroff | Method for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites |
US9672515B2 (en) * | 2000-03-15 | 2017-06-06 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
US6598031B1 (en) * | 2000-07-31 | 2003-07-22 | Edi Secure Lllp | Apparatus and method for routing encrypted transaction card identifying data through a public telephone network |
US20020069177A1 (en) * | 2000-12-01 | 2002-06-06 | Carrott Richard F. | Method and apparatus to provide secure purchase transactions over a computer network |
US20020170959A1 (en) * | 2001-05-15 | 2002-11-21 | Masih Madani | Universal authorization card system and method for using same |
US7805376B2 (en) * | 2002-06-14 | 2010-09-28 | American Express Travel Related Services Company, Inc. | Methods and apparatus for facilitating a transaction |
US20120039469A1 (en) * | 2006-10-17 | 2012-02-16 | Clay Von Mueller | System and method for variable length encryption |
Cited By (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11715075B2 (en) | 2012-03-07 | 2023-08-01 | Early Warning Services, Llc | System and method for transferring funds |
US9691056B2 (en) | 2012-03-07 | 2017-06-27 | Clearxchange, Llc | System and method for transferring funds |
US11361290B2 (en) | 2012-03-07 | 2022-06-14 | Early Warning Services, Llc | System and method for securely registering a recipient to a computer-implemented funds transfer payment network |
US11373182B2 (en) | 2012-03-07 | 2022-06-28 | Early Warning Services, Llc | System and method for transferring funds |
US10078821B2 (en) | 2012-03-07 | 2018-09-18 | Early Warning Services, Llc | System and method for securely registering a recipient to a computer-implemented funds transfer payment network |
US10318936B2 (en) | 2012-03-07 | 2019-06-11 | Early Warning Services, Llc | System and method for transferring funds |
US10395223B2 (en) | 2012-03-07 | 2019-08-27 | Early Warning Services, Llc | System and method for transferring funds |
US10395247B2 (en) | 2012-03-07 | 2019-08-27 | Early Warning Services, Llc | Systems and methods for facilitating a secure transaction at a non-financial institution system |
US10970688B2 (en) | 2012-03-07 | 2021-04-06 | Early Warning Services, Llc | System and method for transferring funds |
US11593800B2 (en) | 2012-03-07 | 2023-02-28 | Early Warning Services, Llc | System and method for transferring funds |
US11321682B2 (en) | 2012-03-07 | 2022-05-03 | Early Warning Services, Llc | System and method for transferring funds |
US9626664B2 (en) | 2012-03-07 | 2017-04-18 | Clearxchange, Llc | System and method for transferring funds |
US11948148B2 (en) | 2012-03-07 | 2024-04-02 | Early Warning Services, Llc | System and method for facilitating transferring funds |
US11605077B2 (en) | 2012-03-07 | 2023-03-14 | Early Warning Services, Llc | System and method for transferring funds |
US10846662B2 (en) | 2015-03-23 | 2020-11-24 | Early Warning Services, Llc | Real-time determination of funds availability for checks and ACH items |
US10878387B2 (en) | 2015-03-23 | 2020-12-29 | Early Warning Services, Llc | Real-time determination of funds availability for checks and ACH items |
US10839359B2 (en) | 2015-03-23 | 2020-11-17 | Early Warning Services, Llc | Payment real-time funds availability |
US10748127B2 (en) | 2015-03-23 | 2020-08-18 | Early Warning Services, Llc | Payment real-time funds availability |
US10832246B2 (en) | 2015-03-23 | 2020-11-10 | Early Warning Services, Llc | Payment real-time funds availability |
US10769606B2 (en) | 2015-03-23 | 2020-09-08 | Early Warning Services, Llc | Payment real-time funds availability |
CN108027921A (en) * | 2015-07-13 | 2018-05-11 | 克利尔爱克斯钱吉有限责任公司 | System and method for promoting the Secure Transaction in non-financial institution's system |
WO2017011596A1 (en) * | 2015-07-13 | 2017-01-19 | Clearxchange, Llc | Systems and methods for facilitating a secure transaction at a non-financial institution system |
US11037122B2 (en) | 2015-07-21 | 2021-06-15 | Early Warning Services, Llc | Secure real-time transactions |
US11386410B2 (en) | 2015-07-21 | 2022-07-12 | Early Warning Services, Llc | Secure transactions with offline device |
US10438175B2 (en) | 2015-07-21 | 2019-10-08 | Early Warning Services, Llc | Secure real-time payment transactions |
US11922387B2 (en) | 2015-07-21 | 2024-03-05 | Early Warning Services, Llc | Secure real-time transactions |
US10762477B2 (en) | 2015-07-21 | 2020-09-01 | Early Warning Services, Llc | Secure real-time processing of payment transactions |
US11151522B2 (en) | 2015-07-21 | 2021-10-19 | Early Warning Services, Llc | Secure transactions with offline device |
US11151523B2 (en) | 2015-07-21 | 2021-10-19 | Early Warning Services, Llc | Secure transactions with offline device |
US11157884B2 (en) | 2015-07-21 | 2021-10-26 | Early Warning Services, Llc | Secure transactions with offline device |
US11037121B2 (en) | 2015-07-21 | 2021-06-15 | Early Warning Services, Llc | Secure real-time transactions |
US10956888B2 (en) | 2015-07-21 | 2021-03-23 | Early Warning Services, Llc | Secure real-time transactions |
US10970695B2 (en) | 2015-07-21 | 2021-04-06 | Early Warning Services, Llc | Secure real-time transactions |
US11062290B2 (en) | 2015-07-21 | 2021-07-13 | Early Warning Services, Llc | Secure real-time transactions |
US10963856B2 (en) | 2015-07-21 | 2021-03-30 | Early Warning Services, Llc | Secure real-time transactions |
US11151567B2 (en) | 2016-09-19 | 2021-10-19 | Early Warning Services, Llc | Authentication and fraud prevention in provisioning a mobile wallet |
US11151566B2 (en) | 2016-09-19 | 2021-10-19 | Early Warning Services, Llc | Authentication and fraud prevention in provisioning a mobile wallet |
US11144928B2 (en) | 2016-09-19 | 2021-10-12 | Early Warning Services, Llc | Authentication and fraud prevention in provisioning a mobile wallet |
US20210173949A1 (en) * | 2019-12-10 | 2021-06-10 | Winkk, Inc | Method and apparatus using personal computing device as a secure identification |
US11902777B2 (en) | 2019-12-10 | 2024-02-13 | Winkk, Inc. | Method and apparatus for encryption key exchange with enhanced security through opti-encryption channel |
US11928194B2 (en) | 2019-12-10 | 2024-03-12 | Wiinkk, Inc. | Automated transparent login without saved credentials or passwords |
US11928193B2 (en) | 2019-12-10 | 2024-03-12 | Winkk, Inc. | Multi-factor authentication using behavior and machine learning |
US11934514B2 (en) | 2019-12-10 | 2024-03-19 | Winkk, Inc. | Automated ID proofing using a random multitude of real-time behavioral biometric samplings |
US11936787B2 (en) | 2019-12-10 | 2024-03-19 | Winkk, Inc. | User identification proofing using a combination of user responses to system turing tests using biometric methods |
US11843943B2 (en) | 2021-06-04 | 2023-12-12 | Winkk, Inc. | Dynamic key exchange for moving target |
US11824999B2 (en) | 2021-08-13 | 2023-11-21 | Winkk, Inc. | Chosen-plaintext secure cryptosystem and authentication |
Also Published As
Publication number | Publication date |
---|---|
EP2652696A4 (en) | 2014-05-21 |
WO2012082905A1 (en) | 2012-06-21 |
JP5857067B2 (en) | 2016-02-10 |
EP2652696A1 (en) | 2013-10-23 |
US8762284B2 (en) | 2014-06-24 |
JP2014502749A (en) | 2014-02-03 |
US20120158593A1 (en) | 2012-06-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8762284B2 (en) | | Systems and methods for facilitating secure transactions |
US9501773B2 (en) | | Secured transaction system |
US9129269B2 (en) | | Secured point-of-sale transaction system |
AU2014238282B2 (en) | | Systems and methods for cryptographic security as a service |
US20110191161A1 (en) | | Secured Mobile Transaction Device |
US20220116366A1 (en) | | Secure and trusted conveyance from user computing device to merchant computing entity |
US20110131102A1 (en) | | Secure mobile payment processing |
US11443301B1 (en) | | Sending secure proxy elements with mobile wallets |
US11170363B1 (en) | | Secure processing of online purchase using a mobile wallet |
CN103491533B (en) | | WAP gateway, user WAP terminals, WAP payment systems and method |
US11816666B2 (en) | | Secure payment processing |
US20200013045A1 (en) | | Stake pool for a secure and trusted data communication system |
CN105809417A (en) | | Safe reliable real-time electronic payment settlement merchant terminal, user terminal, bank front-end system, system, and method |
CN114787845A (en) | | Plan interaction with passwords |
EP3374951A1 (en) | | A method, apparatus, system, and computer readable medium for processing an electronic payment transaction with improved security |
US20220245262A1 (en) | | Secure information storage, transfer and computing |
KR102263220B1 (en) | | E-commerce Payment Method using Block Chain |
WO2022154789A1 (en) | | Token-based off-chain interaction authorization |
CN113508413A (en) | | Cross-border Quick Response (QR) payment flow for encrypting Primary Account Number (PAN) payment flow |
US11842338B2 (en) | | Payment encryption system |
CA | | E-commerce |
Pande et al. | | E-Payment Gateway Model |
JP2002056330A (en) | | Paying means authentication system |
Wan et al. | | Secure mobile payment based on super set protocol |
GB2493138A (en) | | A system for secure payment transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: DEMOCRACYONTHEWEB, LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GARFINKLE, RICHARD;REEL/FRAME:032963/0890 Effective date: 20101217 Owner name: DEMOCRACYONTHEWEB, LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GARFINKLE, NORTON;REEL/FRAME:032963/0807 Effective date: 20101214 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
 | AS | Assignment | Owner name: PRINCETON SCITECH LLC, NEW YORK Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DEMOCRACYONTHEWEB, LLC;REEL/FRAME:051024/0714 Effective date: 20191115 |