US20140279553A1 - Vendor token generator - Google Patents

Vendor token generator Download PDF

Info

Publication number
US20140279553A1
US20140279553A1 US14/216,227 US201414216227A US2014279553A1 US 20140279553 A1 US20140279553 A1 US 20140279553A1 US 201414216227 A US201414216227 A US 201414216227A US 2014279553 A1 US2014279553 A1 US 2014279553A1
Authority
US
United States
Prior art keywords
token
email
payment server
customer
vendor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/216,227
Inventor
James Kassemi
Dave Walz-Burkett
Chad Person
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Swoop IP Holdings LLC
Original Assignee
Pay IP Holdings LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pay IP Holdings LLC filed Critical Pay IP Holdings LLC
Priority to US14/216,227 priority Critical patent/US20140279553A1/en
Assigned to @PAY IP HOLDINGS LLC reassignment @PAY IP HOLDINGS LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KASSEMI, JAMES, PERSON, CHAD, WALZ-BURKETT, DAVE
Publication of US20140279553A1 publication Critical patent/US20140279553A1/en
Priority to US15/436,146 priority patent/US11276045B2/en
Priority to US17/694,282 priority patent/US20220198415A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/384Payment protocols; Details thereof using social networks

Definitions

  • the present invention is related to electronic payment systems.
  • Vendors wishing to adopt an email-based payment method may need to integrate their own system with a third party system to use the email payment process.
  • An email payment system may demand a close integration between the vendor and the e-commerce system. This setup may be time consuming and cumbersome for the vendor.
  • Email-based payment systems contend with customers that are more familiar with web-based payment systems. Consumers expect to visit a URL to check out of merchandise.
  • a two-click web URL checkout may be a desirable service for a vendor to provide to a client.
  • the implementation of a tool that may generate tokens for web and email-based checkout may be desirable.
  • a token generator may be integrated directly in the vendor's system and may reduce communication with the email payment gateway. This configuration allows the vendor to produce tokens for email-based payments as well as two-click web-based checkout tokens.
  • the token generator allows vendors to include secure tokens in advertising emails.
  • the vendor server sends emails with tokens to customers that are registered to receive the email-based payment system.
  • the emails contain hyperlinks that correspond to offers from the vendor. When the mailto hyperlink is selected, the new email contains a token that holds identifiers of the associated offer and purchaser. That email may then be sent to the email payment gateway.
  • the system receives the email and decodes the contents of the email and processes the transaction. A corresponding offer may be generated for a two-click web transaction based on the token generator.
  • a method for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server may comprise generating a token for use with an email checkout, wherein the token comprises a customer name, and customer email address.
  • the processor may generate an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token.
  • the method may comprise receiving a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.
  • FIG. 1 shows an example system that may be used for a vendor token generator that may be used in e-commerce transactions
  • FIG. 2 shows another example of a system for a vendor token generator for email and web-based checkout
  • FIG. 3 shows a transactional diagram for a method for token generation
  • FIG. 4 is a flow diagram for a method of token generation using web-based steps
  • FIG. 5 shows a an example of a website token structure
  • FIG. 6 shows an example of a web page for an URL Interface for web checkout
  • FIG. 7 shows a transactional diagram for a method for generating a token with a website.
  • token may refer a sequence of byte data or string or file used to authenticate a transaction.
  • a token may be one or multiple encrypted strings, files, passwords, cyphers or other data which may contain information used to perform or authenticate a transaction when sent to payment servers. These tokens may be encrypted using a public-private key encryption system. The vendor or a party with knowledge of the vendor's private key may generate an encrypted token. Alternatively, a payment system or e-commerce site may generate this token on behalf of the vendor.
  • user agent may refer to software and/or hardware that are acting on behalf of a user.
  • the system and method may use an email server/account to complete checkout of any type of product (e.g., items/services/events/donations) for a transfer of funds from a customer to a vendor (e.g. retail site, charity, political organization or other vendor.)
  • a vendor e.g. retail site, charity, political organization or other vendor.
  • FIG. 1 shows an example system 100 that may be used for vendor token generation that may be used in e-commerce transactions.
  • the example system 100 includes a customer device 150 , a vendor server 120 , a payment server 140 , and a banking server 160 that may communicate over one or more wired and/or wireless communication networks 110 .
  • the wired or wireless communication networks 110 may be public, private or a combination of public or private networks.
  • the customer device 150 may be, for example, a cellular phone, a smartphone, a desktop computer, a laptop computer, a tablet computer, or any other appropriate computing device.
  • the customer device 150 includes a processor 151 , memory 152 , a communications unit 153 , a display unit 154 and web browser unit 155 , which may communicate data to/from the web server module(s) in the vendor server 120 and payment server 140 .
  • the web browser unit 155 may include and/or communicate with one or more sub-modules that perform functionality such as rendering HTML (including but not limited to HTML5), rendering raster and/or vector graphics, executing JAVASCRIPT, and/or rendering multimedia content.
  • the web browser unit 155 may implement Rich Internet Application (RIA) and/or multimedia technologies such as ADOBE FLASH and/or other technologies compatible with Internet based communications.
  • the web browser unit 155 may implement RIA and/or multimedia technologies using one or web browser plug-in modules (e.g., ADOBE FLASH), and/or using one or more sub-modules within the web browser unit 155 itself.
  • the web browser unit 155 may display data on one or more display devices (not depicted) that are included in, or connected to, the customer device 150 , such as a liquid crystal display (LCD) display or monitor.
  • LCD liquid crystal display
  • the customer device 150 may receive input from the user of the customer device 150 from input devices (not depicted) that are included in, or connected to, the customer device 150 , such as a keyboard, a mouse, a microphone or a touch screen, and provide data that indicates the input to the web browser unit 155 .
  • input devices not depicted
  • the customer device 150 such as a keyboard, a mouse, a microphone or a touch screen
  • the vendor server 120 may include an HTTP server module 121 , a token generator 122 , a button generator 123 , a processor 124 , memory 125 , a payment gateway 126 and a communications unit 127 .
  • the HTTP server module 121 provides a website that may be accessed by a customer device 150 .
  • the HTTP server module 121 may implement the HTTP protocol, and may communicate Hypertext Markup Language (HTML) pages and related data from the website to/from the customer device 150 using HTTP.
  • the vendor server 120 may be connected to one or more private or public networks (such as the Internet), via which the HTTP server module 121 communicates with devices such as the customer device 150 .
  • the HTTP server module 121 may generate one or more web pages and may communicate the web pages to the customer device 150 , and may receive responsive information from the customer device 150 .
  • the HTTP server module 121 may be, for example, an NGINX server, an APACHE HTTP server, a SUN-ONE Web Server, a MICROSOFT INTERNET Information Services (IIS) server, and/or may be based on any other appropriate HTTP server technology.
  • the vendor server 120 may also include one or more additional components or modules (not depicted), such as one or more load balancers, firewall devices, routers, switches, and devices that handle power backup and data redundancy.
  • the payment gateway 126 may be a proprietary service that service that directly connects with the payment processors, such as banking server 160 to handle the credit card data, and authorize credit card payments.
  • the token generator 122 may generate tokens for use in e-commerce transactions. Tokens may be encrypted strings which contain information to perform a transaction when sent to the payment server(s) 140 .
  • a token may be one or multiple encrypted strings, files, passwords, cyphers or other data which may contain information used to perform or authenticate a transaction.
  • a token may include one or more of the following parameters or other parameters not listed below:
  • the system 100 is designed to allow the vendor flexibility to offer deals for a limited time or number or responsive to available inventory.
  • the token may be configured to expire by default after two weeks, or any predetermined time, or never expire.
  • the vendor server 120 may be configured to extend or shorten the expiration time of a particular offer associated with a token without resending an email or generating a new token.
  • the vendor server 120 may send email updates for an offer associated with a token. This may be predetermined, or may be later set, depending upon demand by customers. Additionally, the vendor server 120 may generate groups of token values that may automatically invalidate members of the group when one token is processed.
  • the vendor server 120 may further be configured to send email notifications that the previously submitted token is now invalid.
  • the button generator 123 may create cross-client and cross-browser compatible buttons for email checkouts.
  • the button generator 123 may include the token generator 122 to automatically generate an associated token for each button that is created.
  • a button and an associated token, generated by the button generator 123 and/or the token generator 122 may be embedded on a web page created by the HTTP server module 121 .
  • the memory 125 may be configured to store information associated with e-commerce transactions. This may include inventory information, information used to generate web pages, customer information, and other e-commerce data.
  • the payment server 140 may include an HTTP server module 141 , a token generator 142 , a processor 143 , memory 144 , payment gateway 145 and a communications unit 146 . While only one vendor server 120 is shown communicating with the payment server 140 , this is shown as an example only. Payment server 140 may communicate with multiple vendor servers 120 . A customer, wishing to use the services of the payment server 140 , may register his/her email address and payment information with the payment server 140 . Similarly, vendors may register with the payment server 140 . The payment server 140 may provide the vendor server 120 with a public key and private key to be used in token transaction in accordance with the methods described herein.
  • the payment server 140 decodes the token, authenticates the sender of the email, and may process the transaction. While the payment server 140 is depicted as a separate entity in FIG. 1 , this is shown as an example only. The payment server 140 may be controlled and/or co-located with the vendor server 120 , the banking server 160 .
  • the banking server 160 may be controlled by a third party system bank.
  • the payment server 140 may communicate with the banking server 160 to verify that the customer has adequate funds or credit for the requested purchase.
  • the banking server 160 may be a controlled by VISA, AMERICAN EXPRESS, MASTERCARD or any other bank or banking or financial network that a customer may use for online payment.
  • the banking server 160 may be a server for virtual currencies, such as BITCOIN, etc.
  • FIG. 2 shows another example of a system for a vendor token generator for email and web-based checkout.
  • the example system may include a vendor server 120 , a customer device 150 , an e-commerce system 170 and a payment processing system 180 .
  • the architecture shown in FIG. 2 enables vendors to generate two-click tokens within their own vendor server 120 , without requiring communication with the e-commerce system 170 at the time the tokens are created.
  • the example vendor server 120 may include token generator 122 , a vendor email server 128 and vendor website 129 .
  • the example customer device 150 may comprise a two-click web checkout unit 155 , an email client offer email module 156 an email client sign up email module 157 and web browser signup module 158 .
  • the e-commerce system 170 may comprise a token decoding unit 171 , interface unit 172 , a database module 176 , an order execution unit 173 , a message processing unit 174 and an account management unit 175 .
  • the two-click web checkout unit 155 may be an application or API or software based module enabling the customer device 150 to participate in a two-click web checkout.
  • the email client offer email module 156 and the email client sign up email module 157 may be integrated with an email client or web client associated with the customer device 150 .
  • the web browser signup module 158 may be configured to facilitate the signing a customer up with the e-commerce system 170 as well as signing the customer in. This may facilitate the ability of the customer device 150 to respond to offers (e.g. without requiring manually signing in each time).
  • the token decoding unit 171 may be configured to decode tokens.
  • the interface unit 172 may be configured to interface with the vendor server 120 , the payment processing system 180 , and one or more customer devices 150 .
  • the message processing unit 174 may be configured to process received email messages and to generate email messages.
  • the order execution unit may be configured to execute e-commerce transactions.
  • the account management unit 175 may be configured to manage accounts of a plurality of members (both vendors and customers) associated with the e-commerce system 170 .
  • the vendor server 120 may generate a first type of token may for use with email checkout and/or a second type of token for URL checkout.
  • the order in which the tokens are generated may be based on the time at which a vendor requests a token.
  • the system is configured to use a secure and backwards compatible process for facilitation during the integration process.
  • the methods and apparatus described herein may provide the vendor server 120 with improved security embedding more functionality in the vendor server 120 .
  • the methods described herein may reduce bandwidth by streamlining communications with the e-commerce system 170 .
  • the vendor server 120 may generate an email offer that may be processed by the vendor email server 128 .
  • the token generator 122 may create the token to provide a purchase opportunity.
  • the token may be generated without requiring contact with the e-commerce system's 170 API.
  • the token may be created with some contact with the e-commerce system 170 .
  • Token generation by the vendor server 120 may involve a public key cryptography solution, which currently may use the following technology components: encryption, using an XSalsa20 stream cipher; authentication using Poly1305 MAC; and/or public keys using Curve25519 high-speed elliptic curve cryptography.
  • This above algorithms are used merely as an example to illustrate the user of public key cryptography, and not meant to be limiting to those specific algorithms.
  • the token generator 122 may comprise a token generation library is installed in the vendor server 120 .
  • the token generator 122 may comprise a custom library that meets token protocol formatting requirements determined by the e-commerce system 170 .
  • the vendor server 120 may be configured with keys provided by the e-commerce system 170 .
  • the vendor server 120 receives a unique private and public key associated with the vendor, and a public key that the e-commerce system 170 uses for multiple partners.
  • the vendor server 120 may generate a token with their unique key, and provide the e-commerce system's 170 public key as the intended target for messages.
  • the vendor server 120 inputs the required parameters for the specified token type into the token generator 122 and receives back the encrypted token containing some combination of the following information that the vendor may input:
  • the e-commerce system's 170 message processing unit 174 receives an email containing an encoded token (e.g. Base64), the e-commerce system 170 decrypts the key into the above information, confirms the key's validity, ensures that the vendor server 120 is authorized to generate tokens, and processes a payment for the user with the given email address.
  • the vendor server 120 may pass a member identifier instead of an email address, which may specify a specific credit card or billing option to charge.
  • the e-commerce system 170 may be configured to disable the compromised keyset and generate another. If a vendor key is compromised, the e-commerce system 170 may simply reject the encrypted transaction tokens after revoking the signing keys. If the e-commerce system 170 private key is compromised, the e-commerce system 170 may be configured to transmit a key update to users of the e-commerce system 170 and revoke incoming transactions prior to the date of revocation.
  • the e-commerce system 170 may be configured to store a checksum of a token after it has been used, and to prevent the same from being used more than once.
  • the e-commerce system 170 may further be configured to store a group reference number for a used token, and prevent the group reference number from being used more than a predetermined number of times.
  • the e-commerce system 170 may not store keys prior to their usage, which may reduce the need for the database module 176 to store all tokens at the time of their creation.
  • the token generator 122 may comprise a Ruby library that may allow the vendor server 120 to generate tokens upon receiving credentials generated by the e-commerce system 170 .
  • the e-commerce system 170 may include an off-site library-based token generation system that may be configured to permit an automatic authenticated execution of a transaction via a web interface.
  • a vendor server 120 that has its own private key and public key and the e-commerce system 170 public key may generate a token authorizing a transaction on the part of a customer.
  • the customer device 150 or vendor server 120 may deliver this payload via email or another type of electronic messaging.
  • the e-commerce system 170 may further comprise an email processing system that may be configured to verify an email address associated with the sender of an email. This may permit the payment server 140 to verify that the payload was indicated for use by the recipient (since the email is included in the decrypted payload message).
  • the e-commerce system 170 may be configured to use a verification using the incoming IP address and browser details to assist in decoding certain token types.
  • the e-commerce system 170 may perform authentication of a payload based on a combination of browser identification settings, an Internet connectivity address, and partner key generation.
  • FIG. 3 shows a transactional diagram for a method 300 for token generation.
  • a vendor may post an offer on vendor website 129 or generate an email using the vendor email server 128 (steps 302 and 306 ). Both may rely on the token generator 122 to generate a token (step 304 ).
  • the token generator 122 as described above may create different types of tokens depending on the campaign.
  • the vendor email server 128 may transmit the generated token as a part of an email message (step 308 ).
  • the customer may checkout the transaction from either the URL or an email.
  • the system may be configured to allow a user to select multiple types of intended targets for a campaign.
  • a user may select email recipients, a web page, a social media account, mobile phone numbers etc.
  • the system may generate specific types of tokens for each type of intended recipient (e.g. SMS, email, web page etc.)
  • a customer may checkout from the URL associated with the vendor website 129 or send a response email with the token embedded (steps 310 and 312 ), which then allows the e-commerce system 170 to decode the token and process the transaction. If the transaction is successful, the e-commerce system may then send a notice of successful transaction to the vendor email server 128 which may send an email to the customer device 150 .
  • FIG. 4 is a flow diagram for a method 400 of token generation using web-based steps.
  • a customer device 150 may access a web page associated with a vendor. While accessing a web page, a browser client or app associated with the customer device 150 may request a page from the vendor server 120 (step 402 ). For example, the customer may browse to a with a price total offer on it. This web page may comprise a series of prices presented for one or more products and one or more quantities the web page may be for a checkout after a total is presented to the customer.
  • the vendor server 120 may generate a token for an offer (step 404 ). This token may comprise an IP address and browser identifiers.
  • the customer device 150 may be used to select an offer presented on the web page, which transmits a purchase request to the payment server 140 (step 406 ).
  • This payment request may be transmitted directly from the customer device 150 or from the vendor server 120 .
  • the payment request may include an IP address and browser identifiers associated with the customer device 150 and/or the user of the customer device 150 .
  • the payment request is received by the payment server 140 , which decrypts the token, and authenticates the IP address and browser identifiers sent by the browser client (step 408 ). If the token, IP address and browser identifiers are authenticated, the payment server 140 may complete the transaction.
  • FIG. 5 shows an example of a structure for a website token 500 .
  • element 502 may represent information that a vendor may request to be in a token. This may be customized as described above.
  • the website token may comprise a card token 504 , a user IP address 506 , and browser identifiers 508 . These elements are shown only as an example, as a website token may contain different elements to authenticate a transaction as described above.
  • FIG. 6 shows example web page 600 for a URL interface web checkout that may be displayed by the web browser unit 155 of the customer device 150 .
  • the web page 600 may include display elements which allow the user of the customer device 150 to complete e-commerce transactions from a vendor using one or more emails.
  • the web page 600 may be included in a web browser window that is displayed and managed by the web browser unit 155 .
  • the web page 600 may include data received by the web browser unit 155 from the vendor server 120 and/or the payment server 140 .
  • the web page 600 includes a plurality of input fields 602 and 606 - 610 as well as a display area 604 .
  • the example web page 600 may be used to solicit donations, for example for a fundraising campaign.
  • Input field 602 indicates the webpage for the vendor. As shown in FIG. 6 , display area 604 indicates that the user is logged in. Input fields 606 - 610 may each be associated with a different token, wherein each token is associated with a money value. A user wishing to donate a particular value may select one of the input fields 606 - 610 to facilitate a transaction for the displayed amount.
  • the token generator 122 may generate the tokens such that when one of the tokens in input fields 606 - 610 are selected, the others are disabled. This may prevent multiple clicks on the same web page erroneously resulting in multiple charges.
  • the token generator 122 may be configured may be in communication with the button generator 123 to assure that the displayed value and the token value are the same.
  • the payment server 140 may be configured to verify the displayed value versus the requested value.
  • FIG. 7 shows a transactional diagram for a method for generating a token with a website.
  • the system may be configured to perform an automated browser-initiated payment.
  • a vendor token generator 122 may also generate tokens for URL based checkout.
  • a browser checkout may be used in a scenario where a customer that is logged in is offered a dollar amount to be paid. Another scenario may be the moment of checkout where a total is presented to the customer, when the amount is selected by the customer a two-click checkout is generated for customer.
  • a customer using a customer device 150 uses a client (e.g. app or web browser) to request a page from vendor server 120 (step 702 ).
  • client e.g. app or web browser
  • the vendor server 120 generates a token with associated signatures (step 704 ).
  • the vendor server 120 includes the IP address of the incoming request and potentially other unique identifying information, such as user agent associated with the browser client of the customer device 150 or a generated cross-domain cookie.
  • the customer device 150 receives the token (step 706 ).
  • the customer device 150 may then be used to issue a request to the e-commerce system 170 (via direct request or JavaScript API call) containing the encrypted payload.
  • This request may originate from the same system (i.e. customer device 150 ) as the request to the vendor's server 120 originated; the identifying information (such as the IP address, the user agent, and a cross-domain cookie value) may also remain part of this request.
  • the e-commerce system 170 decrypts the payload, and compares the IP address, the user agent and the cross-domain cookie value to the values the partner's system has independently signed (step 710 ). If these values match, the e-commerce system 170 determines that the request is authorized by the vendor server 120 to make the transaction. The e-commerce system 170 then performs the transaction as specified by the other values in the token and notifies the vendor server 120 (step 712 ).
  • processor broadly refers to and is not limited to a single- or multi-core processor, a special purpose processor, a conventional processor, a Graphics Processing Unit (GPU), a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, one or more Application Specific Integrated Circuits (ASICs), one or more Field Programmable Gate Array (FPGA) circuits, any other type of integrated circuit (IC), a system-on-a-chip (SOC), and/or a state machine.
  • GPU Graphics Processing Unit
  • DSP digital signal processor
  • ASICs Application Specific Integrated Circuits
  • FPGA Field Programmable Gate Array
  • the term “computer-readable medium” broadly refers to and is not limited to a register, a cache memory, a ROM, a semiconductor memory device (such as a D-RAM, S-RAM, or other RAM), a magnetic medium such as a flash memory, a hard disk, a magneto-optical medium, an optical medium such as a CD-ROM, a DVDs, or Bluray-Disc, or other type of device for electronic data storage.
  • each feature or element can be used alone or in any combination with or without the other features and elements.
  • each feature or element as described above with reference to FIGS. 1-7 may be used alone without the other features and elements or in various combinations with or without other features and elements.
  • Sub-elements of the methods and features described above with reference to FIGS. 1-7 may be performed in any arbitrary order (including concurrently), in any combination or sub-combination.

Abstract

A method for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server is disclosed. The method may comprise generating a token for use with an email checkout, wherein the token comprises a customer name, and customer email address. The processor may generate an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token. The method may comprise receiving a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application claims the benefit of U.S. provisional application No. 61/794,675, filed on Mar. 15, 2013, which is incorporated by reference as if fully set forth.
    • FIELD OF INVENTION
  • The present invention is related to electronic payment systems.
    • BACKGROUND
  • Vendors wishing to adopt an email-based payment method may need to integrate their own system with a third party system to use the email payment process. An email payment system may demand a close integration between the vendor and the e-commerce system. This setup may be time consuming and cumbersome for the vendor.
  • In designing an email payment system, problems may arise when the user base begins to scale the system to accommodate more users. The communication between the gateway and the vendor may be considerable depending on the size of the customer base and the array of offers. Larger numbers may use more bandwidth. Many online businesses' profits are dependent on the ability to scale their customer base. Any system that enters the marketplace must take into account large numbers of users. A system that would require the use of less bandwidth would be advantageous.
  • Online security is a concern for any vendor. Additionally, there are often security concerns since these third party systems are not located on the vendor's system. When adopting new systems many vendors prefer systems that allow them autonomy. Limiting the amount of communication between systems that may be communicating encrypted data over public networks reduces potential interference from outside parties. A process integrated directly in the vendor's system may reduce exposure.
  • Email-based payment systems contend with customers that are more familiar with web-based payment systems. Consumers expect to visit a URL to check out of merchandise. A two-click web URL checkout may be a desirable service for a vendor to provide to a client. The implementation of a tool that may generate tokens for web and email-based checkout may be desirable.
    • SUMMARY
  • As described in greater detail herein, the system is configured to provide vendors autonomy in generating tokens for both email and URL checkout. A token generator may be integrated directly in the vendor's system and may reduce communication with the email payment gateway. This configuration allows the vendor to produce tokens for email-based payments as well as two-click web-based checkout tokens. The token generator allows vendors to include secure tokens in advertising emails. The vendor server sends emails with tokens to customers that are registered to receive the email-based payment system. The emails contain hyperlinks that correspond to offers from the vendor. When the mailto hyperlink is selected, the new email contains a token that holds identifiers of the associated offer and purchaser. That email may then be sent to the email payment gateway. The system receives the email and decodes the contents of the email and processes the transaction. A corresponding offer may be generated for a two-click web transaction based on the token generator.
  • A method for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server is disclosed. The method may comprise generating a token for use with an email checkout, wherein the token comprises a customer name, and customer email address. The processor may generate an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token. The method may comprise receiving a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:
  • FIG. 1 shows an example system that may be used for a vendor token generator that may be used in e-commerce transactions;
  • FIG. 2 shows another example of a system for a vendor token generator for email and web-based checkout;
  • FIG. 3 shows a transactional diagram for a method for token generation;
  • FIG. 4 is a flow diagram for a method of token generation using web-based steps;
  • FIG. 5 shows a an example of a website token structure;
  • FIG. 6 shows an example of a web page for an URL Interface for web checkout; and
  • FIG. 7 shows a transactional diagram for a method for generating a token with a website.
    •  DETAILED DESCRIPTION
  • When used herein, the term “token” may refer a sequence of byte data or string or file used to authenticate a transaction. A token may be one or multiple encrypted strings, files, passwords, cyphers or other data which may contain information used to perform or authenticate a transaction when sent to payment servers. These tokens may be encrypted using a public-private key encryption system. The vendor or a party with knowledge of the vendor's private key may generate an encrypted token. Alternatively, a payment system or e-commerce site may generate this token on behalf of the vendor.
  • When used herein, the term “user agent” may refer to software and/or hardware that are acting on behalf of a user.
  • Disclosed herein are processor-executable methods, computing systems, and related technologies for a vendor token generator for e-commerce transactions. The system and method may use an email server/account to complete checkout of any type of product (e.g., items/services/events/donations) for a transfer of funds from a customer to a vendor (e.g. retail site, charity, political organization or other vendor.) While the technologies described herein are described using email as an example, they may also be applicable to similar communication mediums, such as SMS and MMS communication channels.
  • FIG. 1 shows an example system 100 that may be used for vendor token generation that may be used in e-commerce transactions. The example system 100 includes a customer device 150, a vendor server 120, a payment server 140, and a banking server 160 that may communicate over one or more wired and/or wireless communication networks 110. The wired or wireless communication networks 110 may be public, private or a combination of public or private networks.
  • The customer device 150 may be, for example, a cellular phone, a smartphone, a desktop computer, a laptop computer, a tablet computer, or any other appropriate computing device. The customer device 150 includes a processor 151, memory 152, a communications unit 153, a display unit 154 and web browser unit 155, which may communicate data to/from the web server module(s) in the vendor server 120 and payment server 140. The web browser unit 155 may include and/or communicate with one or more sub-modules that perform functionality such as rendering HTML (including but not limited to HTML5), rendering raster and/or vector graphics, executing JAVASCRIPT, and/or rendering multimedia content.
  • Alternatively or additionally, the web browser unit 155 may implement Rich Internet Application (RIA) and/or multimedia technologies such as ADOBE FLASH and/or other technologies compatible with Internet based communications. The web browser unit 155 may implement RIA and/or multimedia technologies using one or web browser plug-in modules (e.g., ADOBE FLASH), and/or using one or more sub-modules within the web browser unit 155 itself. The web browser unit 155 may display data on one or more display devices (not depicted) that are included in, or connected to, the customer device 150, such as a liquid crystal display (LCD) display or monitor. The customer device 150 may receive input from the user of the customer device 150 from input devices (not depicted) that are included in, or connected to, the customer device 150, such as a keyboard, a mouse, a microphone or a touch screen, and provide data that indicates the input to the web browser unit 155.
  • The vendor server 120 may include an HTTP server module 121, a token generator 122, a button generator 123, a processor 124, memory 125, a payment gateway 126 and a communications unit 127.
  • The HTTP server module 121 provides a website that may be accessed by a customer device 150. The HTTP server module 121 may implement the HTTP protocol, and may communicate Hypertext Markup Language (HTML) pages and related data from the website to/from the customer device 150 using HTTP. The vendor server 120 may be connected to one or more private or public networks (such as the Internet), via which the HTTP server module 121 communicates with devices such as the customer device 150. The HTTP server module 121 may generate one or more web pages and may communicate the web pages to the customer device 150, and may receive responsive information from the customer device 150.
  • The HTTP server module 121 may be, for example, an NGINX server, an APACHE HTTP server, a SUN-ONE Web Server, a MICROSOFT INTERNET Information Services (IIS) server, and/or may be based on any other appropriate HTTP server technology. The vendor server 120 may also include one or more additional components or modules (not depicted), such as one or more load balancers, firewall devices, routers, switches, and devices that handle power backup and data redundancy.
  • The payment gateway 126 may be a proprietary service that service that directly connects with the payment processors, such as banking server 160 to handle the credit card data, and authorize credit card payments.
  • The token generator 122 may generate tokens for use in e-commerce transactions. Tokens may be encrypted strings which contain information to perform a transaction when sent to the payment server(s) 140. A token may be one or multiple encrypted strings, files, passwords, cyphers or other data which may contain information used to perform or authenticate a transaction. A token may include one or more of the following parameters or other parameters not listed below:
      • a) Private-key: The private key provided by the payment server 140.
      • b) Public-key: Payment server's 140 public key, provided by the payment server 140.
      • c) Partner-id: The partner ID given provided by the payment server.
      • d) Environment: The environment the vendor wants to generate buttons for. This distinguishes whether the token is being used in a testing environment or in the live environment (and running real transactions).
      • e) Config: The path to a configuration file in yml format. This may hold a default set of information, e.g., private_key, public_key, partner_id, and other information—so they don't have to be entered separately each time a token is generated. The config field may also contain information specific to an offer (e.g. dollar amount) or a customer (e.g. card token) if multiple tokens are being generated with similar components.
      • f) Type: The type of token to generate (site, email, universal). There are multiple types of tokens that a token generator may generate and decode. For example, site tokens may be used for website transactions, email tokens for two-click email payments, and universal tokens for email validations.
      • g) Card: The card token associated with the recipient of this token. When a customer is registered with the payment server 140, the vendor receives a credit card token—a unique identifier that references the specific card associated with that customer and vendor. When the vendor is generating a token to submit to payment server 140, they may include the card token as a customer identifier.
      • h) Email: The email associated with the receipt of this token.
      • i) URL: The Signup URL the recipient should go to if customer does not have payment information registered with payment server 140.
      • j) Amount: The amount a user should be charged for the transaction the token is generated for.
      • k) User-data: Data to pass back as a reference. This data may include custom data that the vendor may want to pass through the payment server 140 and receive back when a transaction has completed. It may include an item reference number or SKU, customer address, or any other piece of data that is not required by payment server 140 to complete a transaction, but that the vendor wants associated with that transaction.
      • l) Expires: Expiration date for token, integer value of seconds since epoch.
      • m) Header-user-agent: The HTTP_USER_AGENT from the request header. HTTP headers are sent as part of a request from a customer's web browser unit 155 for a piece of information. These headers define the parameters that the web browser unit 155 is expecting to get back. The user-agent is the identifier of the software that is submitting the request—typically the identifier of the web browser unit 155 that is requesting the content.
      • n) Header-accept-language: The HTTP_ACCEPT_LANGUAGE from the request header. The accept-language is the acceptable language for the response—e.g. the language in which the web browser unit 155 is requesting the content be sent back.
      • o) Header-accept-charset: The HTTP_ACCEPT_CHARSET from the request header. The accept-charset is the character sets that are acceptable for the response—e.g. the character set in which the web browser unit 155 is requesting the content be sent back.
      • p) IP-address: The IP address of the token recipient.
  • The system 100 is designed to allow the vendor flexibility to offer deals for a limited time or number or responsive to available inventory. For example, the token may be configured to expire by default after two weeks, or any predetermined time, or never expire. The vendor server 120 may be configured to extend or shorten the expiration time of a particular offer associated with a token without resending an email or generating a new token. Also, the vendor server 120 may send email updates for an offer associated with a token. This may be predetermined, or may be later set, depending upon demand by customers. Additionally, the vendor server 120 may generate groups of token values that may automatically invalidate members of the group when one token is processed. This is useful when sending out multiple tokens via email to a single customer or when sending out tokens to multiple customers, but when the vendor wants only one or a predetermined number of tokens to be processed. Therefore, when these tokens are used, the other tokens are invalidated, effectively rescinding the offered deal. The vendor server 120 may further be configured to send email notifications that the previously submitted token is now invalid.
  • The button generator 123 may create cross-client and cross-browser compatible buttons for email checkouts. In one embodiment, the button generator 123 may include the token generator 122 to automatically generate an associated token for each button that is created.
  • A button and an associated token, generated by the button generator 123 and/or the token generator 122 may be embedded on a web page created by the HTTP server module 121.
  • The memory 125 may be configured to store information associated with e-commerce transactions. This may include inventory information, information used to generate web pages, customer information, and other e-commerce data.
  • The payment server 140 may include an HTTP server module 141, a token generator 142, a processor 143, memory 144, payment gateway 145 and a communications unit 146. While only one vendor server 120 is shown communicating with the payment server 140, this is shown as an example only. Payment server 140 may communicate with multiple vendor servers 120. A customer, wishing to use the services of the payment server 140, may register his/her email address and payment information with the payment server 140. Similarly, vendors may register with the payment server 140. The payment server 140 may provide the vendor server 120 with a public key and private key to be used in token transaction in accordance with the methods described herein. When a transaction is attempted, the payment server 140 decodes the token, authenticates the sender of the email, and may process the transaction. While the payment server 140 is depicted as a separate entity in FIG. 1, this is shown as an example only. The payment server 140 may be controlled and/or co-located with the vendor server 120, the banking server 160.
  • The banking server 160 may be controlled by a third party system bank. The payment server 140 may communicate with the banking server 160 to verify that the customer has adequate funds or credit for the requested purchase. For example, the banking server 160 may be a controlled by VISA, AMERICAN EXPRESS, MASTERCARD or any other bank or banking or financial network that a customer may use for online payment. The banking server 160 may be a server for virtual currencies, such as BITCOIN, etc.
  • FIG. 2 shows another example of a system for a vendor token generator for email and web-based checkout. As shown in FIG. 2, the example system may include a vendor server 120, a customer device 150, an e-commerce system 170 and a payment processing system 180. The architecture shown in FIG. 2 enables vendors to generate two-click tokens within their own vendor server 120, without requiring communication with the e-commerce system 170 at the time the tokens are created. As shown in FIG. 2, the example vendor server 120 may include token generator 122, a vendor email server 128 and vendor website 129. The example customer device 150 may comprise a two-click web checkout unit 155, an email client offer email module 156 an email client sign up email module 157 and web browser signup module 158. The e-commerce system 170 may comprise a token decoding unit 171, interface unit 172, a database module 176, an order execution unit 173, a message processing unit 174 and an account management unit 175. The two-click web checkout unit 155 may be an application or API or software based module enabling the customer device 150 to participate in a two-click web checkout. The email client offer email module 156 and the email client sign up email module 157 may be integrated with an email client or web client associated with the customer device 150. The web browser signup module 158 may be configured to facilitate the signing a customer up with the e-commerce system 170 as well as signing the customer in. This may facilitate the ability of the customer device 150 to respond to offers (e.g. without requiring manually signing in each time).
  • Regarding the e-commerce system 170, the token decoding unit 171 may be configured to decode tokens. The interface unit 172 may be configured to interface with the vendor server 120, the payment processing system 180, and one or more customer devices 150. The message processing unit 174 may be configured to process received email messages and to generate email messages. The order execution unit may be configured to execute e-commerce transactions. The account management unit 175 may be configured to manage accounts of a plurality of members (both vendors and customers) associated with the e-commerce system 170.
  • There may be multiple methods and types of two-click tokens that may be generated. As shown in the example of FIG. 2, there are two types shown. The vendor server 120 may generate a first type of token may for use with email checkout and/or a second type of token for URL checkout. The order in which the tokens are generated may be based on the time at which a vendor requests a token. The system is configured to use a secure and backwards compatible process for facilitation during the integration process. The methods and apparatus described herein may provide the vendor server 120 with improved security embedding more functionality in the vendor server 120. The methods described herein may reduce bandwidth by streamlining communications with the e-commerce system 170.
  • The vendor server 120 may generate an email offer that may be processed by the vendor email server 128. The token generator 122 may create the token to provide a purchase opportunity. In one embodiment, the token may be generated without requiring contact with the e-commerce system's 170 API. In another embodiment, the token may be created with some contact with the e-commerce system 170.
  • Token generation by the vendor server 120 may involve a public key cryptography solution, which currently may use the following technology components: encryption, using an XSalsa20 stream cipher; authentication using Poly1305 MAC; and/or public keys using Curve25519 high-speed elliptic curve cryptography. This above algorithms are used merely as an example to illustrate the user of public key cryptography, and not meant to be limiting to those specific algorithms.
  • To enable the vendor server 120 to create a token, the token generator 122 may comprise a token generation library is installed in the vendor server 120. The token generator 122 may comprise a custom library that meets token protocol formatting requirements determined by the e-commerce system 170.
  • The vendor server 120 may be configured with keys provided by the e-commerce system 170. The vendor server 120 receives a unique private and public key associated with the vendor, and a public key that the e-commerce system 170 uses for multiple partners. The vendor server 120 may generate a token with their unique key, and provide the e-commerce system's 170 public key as the intended target for messages.
  • The vendor server 120 inputs the required parameters for the specified token type into the token generator 122 and receives back the encrypted token containing some combination of the following information that the vendor may input:
      • a. token type;
      • b. card token (associated with the recipient of this token);
      • c. email address for recipient (user that may be initiating a payment via two-click);
      • d. amount of the transaction (numeric value);
      • e. a unique partner id given to the partner (similar to the UUID but an additional column of a different type);
      • f. signup URL (where the recipient is directed if their payment information is not on file);
      • g. expiration date (after this time the token is no longer considered valid)
      • h. group (tokens with a group equal to this value may not be considered valid after the execution of a single member);
      • i. user data (data the vendor wants returned as a reference); and/or
      • j. computer/browser identifiers (identifies user for security purposes).
  • The e-commerce system's 170 message processing unit 174 receives an email containing an encoded token (e.g. Base64), the e-commerce system 170 decrypts the key into the above information, confirms the key's validity, ensures that the vendor server 120 is authorized to generate tokens, and processes a payment for the user with the given email address. In another example, the vendor server 120 may pass a member identifier instead of an email address, which may specify a specific credit card or billing option to charge.
  • If a keyset is compromised, the e-commerce system 170 may be configured to disable the compromised keyset and generate another. If a vendor key is compromised, the e-commerce system 170 may simply reject the encrypted transaction tokens after revoking the signing keys. If the e-commerce system 170 private key is compromised, the e-commerce system 170 may be configured to transmit a key update to users of the e-commerce system 170 and revoke incoming transactions prior to the date of revocation.
  • The e-commerce system 170 may be configured to store a checksum of a token after it has been used, and to prevent the same from being used more than once. The e-commerce system 170 may further be configured to store a group reference number for a used token, and prevent the group reference number from being used more than a predetermined number of times. In one embodiment, the e-commerce system 170 may not store keys prior to their usage, which may reduce the need for the database module 176 to store all tokens at the time of their creation.
  • The token generator 122 may comprise a Ruby library that may allow the vendor server 120 to generate tokens upon receiving credentials generated by the e-commerce system 170.
  • The e-commerce system 170 may include an off-site library-based token generation system that may be configured to permit an automatic authenticated execution of a transaction via a web interface. A vendor server 120 that has its own private key and public key and the e-commerce system 170 public key may generate a token authorizing a transaction on the part of a customer. The customer device 150 or vendor server 120 may deliver this payload via email or another type of electronic messaging. The e-commerce system 170 may further comprise an email processing system that may be configured to verify an email address associated with the sender of an email. This may permit the payment server 140 to verify that the payload was indicated for use by the recipient (since the email is included in the decrypted payload message). To accommodate the processing of web-based checkout, the e-commerce system 170 may be configured to use a verification using the incoming IP address and browser details to assist in decoding certain token types.
  • In another embodiment, the e-commerce system 170 may perform authentication of a payload based on a combination of browser identification settings, an Internet connectivity address, and partner key generation.
  • FIG. 3 shows a transactional diagram for a method 300 for token generation. As shown in FIG. 3, a vendor may post an offer on vendor website 129 or generate an email using the vendor email server 128 (steps 302 and 306). Both may rely on the token generator 122 to generate a token (step 304). The token generator 122 as described above may create different types of tokens depending on the campaign. In the case of an email campaign, the vendor email server 128 may transmit the generated token as a part of an email message (step 308). Similarly, the customer may checkout the transaction from either the URL or an email. The system may be configured to allow a user to select multiple types of intended targets for a campaign. For example, when generating an offer, a user may select email recipients, a web page, a social media account, mobile phone numbers etc. The system may generate specific types of tokens for each type of intended recipient (e.g. SMS, email, web page etc.) A customer may checkout from the URL associated with the vendor website 129 or send a response email with the token embedded (steps 310 and 312), which then allows the e-commerce system 170 to decode the token and process the transaction. If the transaction is successful, the e-commerce system may then send a notice of successful transaction to the vendor email server 128 which may send an email to the customer device 150.
  • FIG. 4 is a flow diagram for a method 400 of token generation using web-based steps. A customer device 150 may access a web page associated with a vendor. While accessing a web page, a browser client or app associated with the customer device 150 may request a page from the vendor server 120 (step 402). For example, the customer may browse to a with a price total offer on it. This web page may comprise a series of prices presented for one or more products and one or more quantities the web page may be for a checkout after a total is presented to the customer. In response to this request, the vendor server 120 may generate a token for an offer (step 404). This token may comprise an IP address and browser identifiers. The customer device 150 may be used to select an offer presented on the web page, which transmits a purchase request to the payment server 140 (step 406). This payment request may be transmitted directly from the customer device 150 or from the vendor server 120. The payment request may include an IP address and browser identifiers associated with the customer device 150 and/or the user of the customer device 150. The payment request is received by the payment server 140, which decrypts the token, and authenticates the IP address and browser identifiers sent by the browser client (step 408). If the token, IP address and browser identifiers are authenticated, the payment server 140 may complete the transaction.
  • FIG. 5 shows an example of a structure for a website token 500. As shown in FIG. 5, element 502 may represent information that a vendor may request to be in a token. This may be customized as described above. The website token may comprise a card token 504, a user IP address 506, and browser identifiers 508. These elements are shown only as an example, as a website token may contain different elements to authenticate a transaction as described above.
  • FIG. 6 shows example web page 600 for a URL interface web checkout that may be displayed by the web browser unit 155 of the customer device 150. The web page 600 may include display elements which allow the user of the customer device 150 to complete e-commerce transactions from a vendor using one or more emails. The web page 600 may be included in a web browser window that is displayed and managed by the web browser unit 155. The web page 600 may include data received by the web browser unit 155 from the vendor server 120 and/or the payment server 140. As shown in FIG. 6, the web page 600 includes a plurality of input fields 602 and 606-610 as well as a display area 604. The example web page 600 may be used to solicit donations, for example for a fundraising campaign. Input field 602 indicates the webpage for the vendor. As shown in FIG. 6, display area 604 indicates that the user is logged in. Input fields 606-610 may each be associated with a different token, wherein each token is associated with a money value. A user wishing to donate a particular value may select one of the input fields 606-610 to facilitate a transaction for the displayed amount. In one embodiment, the token generator 122 may generate the tokens such that when one of the tokens in input fields 606-610 are selected, the others are disabled. This may prevent multiple clicks on the same web page erroneously resulting in multiple charges. In another embodiment, the token generator 122 may be configured may be in communication with the button generator 123 to assure that the displayed value and the token value are the same. Similarly, the payment server 140 may be configured to verify the displayed value versus the requested value.
  • FIG. 7 shows a transactional diagram for a method for generating a token with a website. The system may be configured to perform an automated browser-initiated payment. In addition to, or alternative to, using generating email tokens, a vendor token generator 122 may also generate tokens for URL based checkout. A browser checkout may be used in a scenario where a customer that is logged in is offered a dollar amount to be paid. Another scenario may be the moment of checkout where a total is presented to the customer, when the amount is selected by the customer a two-click checkout is generated for customer. As shown in FIG. 7 a customer, using a customer device 150 uses a client (e.g. app or web browser) to request a page from vendor server 120 (step 702). The vendor server 120 generates a token with associated signatures (step 704). In submitting the token parameters, the vendor server 120 includes the IP address of the incoming request and potentially other unique identifying information, such as user agent associated with the browser client of the customer device 150 or a generated cross-domain cookie. The customer device 150 receives the token (step 706). The customer device 150 may then be used to issue a request to the e-commerce system 170 (via direct request or JavaScript API call) containing the encrypted payload. This request may originate from the same system (i.e. customer device 150) as the request to the vendor's server 120 originated; the identifying information (such as the IP address, the user agent, and a cross-domain cookie value) may also remain part of this request. The e-commerce system 170 decrypts the payload, and compares the IP address, the user agent and the cross-domain cookie value to the values the partner's system has independently signed (step 710). If these values match, the e-commerce system 170 determines that the request is authorized by the vendor server 120 to make the transaction. The e-commerce system 170 then performs the transaction as specified by the other values in the token and notifies the vendor server 120 (step 712).
  • As used herein, the term “processor” broadly refers to and is not limited to a single- or multi-core processor, a special purpose processor, a conventional processor, a Graphics Processing Unit (GPU), a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, one or more Application Specific Integrated Circuits (ASICs), one or more Field Programmable Gate Array (FPGA) circuits, any other type of integrated circuit (IC), a system-on-a-chip (SOC), and/or a state machine.
  • As used to herein, the term “computer-readable medium” broadly refers to and is not limited to a register, a cache memory, a ROM, a semiconductor memory device (such as a D-RAM, S-RAM, or other RAM), a magnetic medium such as a flash memory, a hard disk, a magneto-optical medium, an optical medium such as a CD-ROM, a DVDs, or Bluray-Disc, or other type of device for electronic data storage.
  • Although the methods and features described above with reference to FIGS. 3-7 are described above as performed using the example system 100 of FIG. 1 or system 200 of FIG. 2, the methods and features described above may be performed, mutatis mutandis, using any appropriate architecture and/or computing environment. Although features and elements are described above in particular combinations, each feature or element can be used alone or in any combination with or without the other features and elements. For example, each feature or element as described above with reference to FIGS. 1-7 may be used alone without the other features and elements or in various combinations with or without other features and elements. Sub-elements of the methods and features described above with reference to FIGS. 1-7 may be performed in any arbitrary order (including concurrently), in any combination or sub-combination.

Claims (15)

What is claimed is:
1. A method for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server, the method comprising:
generating, by a processor associated with the third party vendor, a token for use with an email checkout, wherein the token comprises a customer name, and customer email address;
generating, by the processor, an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token; and
receiving, by a receiver, a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.
2. The method of claim 1, wherein the email message comprises multiple tokens.
3. The method of claim 2, wherein each of the multiple tokens is associated with a different offered product.
4. The method of claim 2, wherein each of the multiple tokens are associated with a different price.
5. The method of claim 1, further comprising generating, by the processor, a second token for use with an URL checkout, wherein the second token is associated with the same offered product.
6. The method of claim 5, further comprising posting the second token on a social media website.
7. The method of claim 1, further comprising transmitting a message to the payment server, indicating tokens that are in use.
8. A method for generating tokens for use in a web-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server, the method comprising:
generating, by a processor associated with the third party vendor, a token for use with an web checkout, wherein the token comprises a customer name, customer email address, a customer IP address, at least one browser identifier, and an offered product;
generating, by the processor, an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token; and
receiving, by a receiver, a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server, wherein the payment server authenticates the transaction based at least in part on the customer IP address and the at least one browser identifier.
9. A system for generating tokens for use in an email-based e-commerce transaction between third party vendor and a customer that is facilitated by a payment server, the system comprising:
a processor configured to generate a token for use with an email checkout, wherein the token comprises a customer name, and customer email address;
the processor further configured to generate an email message for at least one recipient, the email message including a mailto hyperlink including the token, wherein the mailto hyperlink generates an email response message addressed to the payment server including the token; and
a receiver configured to receive a notification from the payment server indicating that the at least one recipient that the email response message was successfully received by the payment server and the email-based e-commerce transaction is successful.
10. The system of claim 9, wherein the email message comprises multiple tokens.
11. The system of claim 10, wherein each of the multiple tokens is associated with a different offered product.
12. The system of claim 10, wherein each of the multiple tokens are associated with a different price.
13. The system of claim 9, wherein the processor is further configured to generate a second token for use with an URL checkout, wherein the second token is associated with the same offered product.
14. The system of claim 13, wherein the processor is further configured to post the second token on a social media website.
15. The system of claim 9, wherein the processor is further configured to transmit a message to the payment server, indicating tokens that are in use.
US14/216,227 2013-03-15 2014-03-17 Vendor token generator Abandoned US20140279553A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US14/216,227 US20140279553A1 (en) 2013-03-15 2014-03-17 Vendor token generator
US15/436,146 US11276045B2 (en) 2013-03-15 2017-02-17 Vendor token generator
US17/694,282 US20220198415A1 (en) 2013-03-15 2022-03-14 Vendor token generator

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201361794675P 2013-03-15 2013-03-15
US14/216,227 US20140279553A1 (en) 2013-03-15 2014-03-17 Vendor token generator

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/436,146 Continuation US11276045B2 (en) 2013-03-15 2017-02-17 Vendor token generator

Publications (1)

Publication Number Publication Date
US20140279553A1 true US20140279553A1 (en) 2014-09-18

Family

ID=51532623

Family Applications (5)

Application Number Title Priority Date Filing Date
US14/216,227 Abandoned US20140279553A1 (en) 2013-03-15 2014-03-17 Vendor token generator
US14/216,256 Abandoned US20140279444A1 (en) 2013-03-15 2014-03-17 Peer to peer email based financial transactions
US15/436,146 Active 2034-11-24 US11276045B2 (en) 2013-03-15 2017-02-17 Vendor token generator
US15/604,193 Pending US20170255911A1 (en) 2013-03-15 2017-05-24 Peer to peer email based financial transactions
US17/694,282 Pending US20220198415A1 (en) 2013-03-15 2022-03-14 Vendor token generator

Family Applications After (4)

Application Number Title Priority Date Filing Date
US14/216,256 Abandoned US20140279444A1 (en) 2013-03-15 2014-03-17 Peer to peer email based financial transactions
US15/436,146 Active 2034-11-24 US11276045B2 (en) 2013-03-15 2017-02-17 Vendor token generator
US15/604,193 Pending US20170255911A1 (en) 2013-03-15 2017-05-24 Peer to peer email based financial transactions
US17/694,282 Pending US20220198415A1 (en) 2013-03-15 2022-03-14 Vendor token generator

Country Status (1)

Country Link
US (5) US20140279553A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016149509A1 (en) * 2015-03-17 2016-09-22 Secure Cloud Systems, LLC Real time control of a remote device
US20180075444A1 (en) * 2016-09-12 2018-03-15 Square, Inc. Processing a mobile payload
US10146932B2 (en) 2016-01-29 2018-12-04 Google Llc Device access revocation
KR20190003764A (en) * 2016-05-09 2019-01-09 알리바바 그룹 홀딩 리미티드 Automatic login method and apparatus among a plurality of websites
US20190333066A1 (en) * 2014-04-24 2019-10-31 Swoop Ip Holdings Llc Sms and social media dual authorization, management oversight, and non-password security in email based e-commerce
US20210105589A1 (en) * 2014-05-19 2021-04-08 Swoop Ip Holdings Llc Email based e-commerce with sms and social media
US20210110373A1 (en) * 2019-10-14 2021-04-15 Capital One Services, Llc Social media account-linking checkout
US11012722B2 (en) 2018-02-22 2021-05-18 Secure Cloud Systems, Inc. System and method for securely transferring data
USD947209S1 (en) 2016-09-12 2022-03-29 Block, Inc. Display screen with graphical user interface for a mobile device
US11301219B2 (en) * 2015-05-22 2022-04-12 Paypal, Inc. Hosted sensitive data form fields for compliance with security standards
US11329963B2 (en) 2018-02-22 2022-05-10 Eclypses, Inc. System and method for securely transferring data
US11405203B2 (en) 2020-02-17 2022-08-02 Eclypses, Inc. System and method for securely transferring data using generated encryption keys
US11507931B1 (en) 2014-07-31 2022-11-22 Block, Inc. Payout payment platform
US11522707B2 (en) 2021-03-05 2022-12-06 Eclypses, Inc. System and method for detecting compromised devices
US11720693B2 (en) 2021-03-05 2023-08-08 Eclypses, Inc. System and method for securely transferring data
US11961055B1 (en) 2018-05-14 2024-04-16 Block, Inc. Bill payment using direct funds transfer

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9536232B2 (en) 2013-03-15 2017-01-03 Square, Inc. Transferring money using email
US9449321B2 (en) 2013-03-15 2016-09-20 Square, Inc. Transferring money using email
GB2518392A (en) * 2013-09-19 2015-03-25 Visa Europe Ltd Account association systems and methods
GB2518691A (en) * 2013-09-30 2015-04-01 Visa Europe Ltd Account association systems and methods
US9378491B1 (en) 2013-10-15 2016-06-28 Square, Inc. Payment transfer by sending E-mail
USD769274S1 (en) 2014-04-21 2016-10-18 Square, Inc. Display screen with a graphical user interface
US10614445B1 (en) 2014-06-04 2020-04-07 Square, Inc. Proximity-based payments
US10963868B1 (en) 2014-09-09 2021-03-30 Square, Inc. Anonymous payment transactions
US20160125370A1 (en) 2014-10-31 2016-05-05 Square, Inc. Money transfer by use of a syntax
US10127544B2 (en) 2014-12-16 2018-11-13 Facebook, Inc. Sending and receiving payments using a message system
US10062072B2 (en) 2014-12-19 2018-08-28 Facebook, Inc. Facilitating sending and receiving of peer-to-business payments
US11416829B2 (en) * 2015-07-13 2022-08-16 Swoop Ip Holdings Llc Myriad of payment methods with alternate payment controls
US10127532B1 (en) 2015-08-19 2018-11-13 Square, Inc. Customized transaction flow
US10410194B1 (en) 2015-08-19 2019-09-10 Square, Inc. Customized tipping flow
US20170148011A1 (en) * 2015-11-25 2017-05-25 @Pay Ip Holdings Llc Web-based checkout and alternate login based on secure identifiers and alternate link formats
US20170185989A1 (en) * 2015-12-28 2017-06-29 Paypal, Inc. Split group payments through a sharable uniform resource locator address for a group
KR101865879B1 (en) * 2016-04-27 2018-06-12 주식회사 하렉스인포텍 System and method for providing financial transaction using pre-approval
CN106326185A (en) * 2016-08-30 2017-01-11 北京像素软件科技股份有限公司 Processing method for asynchronous data consumption
US11537867B2 (en) 2017-09-27 2022-12-27 Visa International Service Association System and method for online analysis
US11232429B2 (en) * 2018-12-19 2022-01-25 Paypal, Inc. Automated data tokenization through networked sensors
US11716617B2 (en) 2019-05-02 2023-08-01 Ares Technologies, Inc. Systems and methods for cryptographic authorization of wireless communications
CN110213729B (en) * 2019-05-30 2022-06-24 维沃移动通信有限公司 Message sending method and terminal
US11699157B1 (en) * 2020-09-30 2023-07-11 Chime Financial, Inc. Dynamic generation of digital messages with unique links for direct-to-merchant payments
US20220198501A1 (en) * 2020-12-17 2022-06-23 The Toronto-Dominion Bank Real-time assessment of initiated data exchanges based on structured messaging data
TR202106448A2 (en) * 2021-04-12 2021-04-21 Ups Hizli Kargo Tasimaciligi Anonim Sirketi A New Posting Platform for Social Media and Messaging Apps

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6175823B1 (en) * 1998-09-15 2001-01-16 Amazon.Com, Inc. Electronic gift certificate system
US20140207628A1 (en) * 2013-01-18 2014-07-24 Loop Commerce, Inc. Gift transaction system architecture

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5903652A (en) * 1996-11-25 1999-05-11 Microsoft Corporation System and apparatus for monitoring secure information in a computer network
US5903878A (en) * 1997-08-20 1999-05-11 Talati; Kirit K. Method and apparatus for electronic commerce
US6101485A (en) 1998-03-26 2000-08-08 International Business Machines Corporation Electronic solicitations for internet commerce
US7979881B1 (en) * 2000-03-30 2011-07-12 Microsoft Corporation System and method for identifying audio/visual programs to be recorded
FI20011680A (en) * 2001-08-21 2003-02-22 Bookit Oy Appointment method and system
US10134202B2 (en) * 2004-11-17 2018-11-20 Paypal, Inc. Automatic address validation
US9002018B2 (en) * 2006-05-09 2015-04-07 Sync Up Technologies Corporation Encryption key exchange system and method
WO2011005900A1 (en) * 2009-07-07 2011-01-13 Finsphere Corporation Mobile directory number and email verification of financial transactions
WO2008121900A1 (en) 2007-03-30 2008-10-09 Roland Chemtob Electronic fund transfers using an electronic mail interface
US20100070419A1 (en) 2008-09-17 2010-03-18 Srinivas Vadhri System and method to initiate a function with an email message
US20110313921A1 (en) * 2009-12-14 2011-12-22 Sanjeev Dheer Internetworking Between P2P Networks
US20110213707A1 (en) * 2010-03-01 2011-09-01 Fiserv, Inc. Systems and methods for facilitating person-to-person payments
US8380177B2 (en) 2010-04-09 2013-02-19 Paydiant, Inc. Mobile phone payment processing methods and systems
US8719156B2 (en) 2010-06-29 2014-05-06 Ebay Inc. Payment link
WO2012047942A1 (en) * 2010-10-04 2012-04-12 Hungerford Karen L Facilitating interactions between non-profits, businesses and consumers
US8725635B2 (en) 2010-11-04 2014-05-13 Bank Of America Corporation Online payment system and method
US20120185382A1 (en) * 2011-01-19 2012-07-19 Mark Noyes Fischer Pay by link system and method
US20120215658A1 (en) * 2011-02-23 2012-08-23 dBay Inc. Pin-based payment confirmation
US8775263B2 (en) * 2011-03-29 2014-07-08 @Pay Ip Holdings Llc System and method for email-based e-commerce
US9818111B2 (en) * 2011-04-15 2017-11-14 Shift4 Corporation Merchant-based token sharing
US20120330736A1 (en) 2011-05-31 2012-12-27 Sean Beckner System and Method of Gifting, Gift Sharing, and Gift Redemption
CN103797500A (en) 2011-06-03 2014-05-14 维萨国际服务协会 Virtual wallet card selection apparatuses, methods and systems
US20120310753A1 (en) * 2011-06-06 2012-12-06 Kaws, Inc. System, method, and computer program product for electronic purchasing without alpha numeric data entry
US20130018790A1 (en) * 2011-07-13 2013-01-17 Ebay Inc. Universal addressing scheme
US8949940B1 (en) * 2011-10-12 2015-02-03 Mahasys LLC Aggregating data from multiple issuers and automatically organizing the data
US10395223B2 (en) 2012-03-07 2019-08-27 Early Warning Services, Llc System and method for transferring funds
US8762272B1 (en) * 2012-12-27 2014-06-24 Google Inc. Management of emails containing payments
US8606703B1 (en) 2013-03-15 2013-12-10 Square, Inc. Method for transferring money using email
US11055707B2 (en) * 2014-06-24 2021-07-06 Visa International Service Association Cryptocurrency infrastructure system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6175823B1 (en) * 1998-09-15 2001-01-16 Amazon.Com, Inc. Electronic gift certificate system
US20140207628A1 (en) * 2013-01-18 2014-07-24 Loop Commerce, Inc. Gift transaction system architecture

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11727410B2 (en) * 2014-04-24 2023-08-15 Swoop Ip Holdings Llc Method and apparatus for improving security of a computer network utilizing simple mail transfer protocol (SMTP)
US20190333066A1 (en) * 2014-04-24 2019-10-31 Swoop Ip Holdings Llc Sms and social media dual authorization, management oversight, and non-password security in email based e-commerce
US20210105589A1 (en) * 2014-05-19 2021-04-08 Swoop Ip Holdings Llc Email based e-commerce with sms and social media
US11507931B1 (en) 2014-07-31 2022-11-22 Block, Inc. Payout payment platform
WO2016149509A1 (en) * 2015-03-17 2016-09-22 Secure Cloud Systems, LLC Real time control of a remote device
US9921561B2 (en) 2015-03-17 2018-03-20 Secure Cloud Systems, Inc. Real time control of a remote device
US20180203427A1 (en) * 2015-03-17 2018-07-19 Secure Cloud Systems, Inc. Real time control of a remote device
US10503133B2 (en) * 2015-03-17 2019-12-10 Secure Cloud Systems, Inc. Real time control of a remote device
US11301219B2 (en) * 2015-05-22 2022-04-12 Paypal, Inc. Hosted sensitive data form fields for compliance with security standards
US10146932B2 (en) 2016-01-29 2018-12-04 Google Llc Device access revocation
KR20190003764A (en) * 2016-05-09 2019-01-09 알리바바 그룹 홀딩 리미티드 Automatic login method and apparatus among a plurality of websites
KR102429633B1 (en) * 2016-05-09 2022-08-04 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. Automatic login method and device between multiple websites
USD947209S1 (en) 2016-09-12 2022-03-29 Block, Inc. Display screen with graphical user interface for a mobile device
US10949829B2 (en) 2016-09-12 2021-03-16 Square, Inc. Processing a mobile payload
US11562339B2 (en) 2016-09-12 2023-01-24 Block, Inc. Processing a mobile payload
US20180075444A1 (en) * 2016-09-12 2018-03-15 Square, Inc. Processing a mobile payload
US11012722B2 (en) 2018-02-22 2021-05-18 Secure Cloud Systems, Inc. System and method for securely transferring data
US11329963B2 (en) 2018-02-22 2022-05-10 Eclypses, Inc. System and method for securely transferring data
US11770370B2 (en) 2018-02-22 2023-09-26 Eclypses, Inc. System and method for transferring data
US11961055B1 (en) 2018-05-14 2024-04-16 Block, Inc. Bill payment using direct funds transfer
US20210110373A1 (en) * 2019-10-14 2021-04-15 Capital One Services, Llc Social media account-linking checkout
US11405203B2 (en) 2020-02-17 2022-08-02 Eclypses, Inc. System and method for securely transferring data using generated encryption keys
US11522707B2 (en) 2021-03-05 2022-12-06 Eclypses, Inc. System and method for detecting compromised devices
US11720693B2 (en) 2021-03-05 2023-08-08 Eclypses, Inc. System and method for securely transferring data

Also Published As

Publication number Publication date
US20220198415A1 (en) 2022-06-23
US20140279444A1 (en) 2014-09-18
US11276045B2 (en) 2022-03-15
US20170255911A1 (en) 2017-09-07
US20170308873A1 (en) 2017-10-26

Similar Documents

Publication Publication Date Title
US20220198415A1 (en) Vendor token generator
US11797981B2 (en) Automated application programming interface (API) system and method
US20220129866A1 (en) Method and system for a secure registration
US20210241358A1 (en) Secure email authentication system for completing e-commerce transactions
US11373156B2 (en) Method, system, and computer readable storage medium for alternative email-based website checkouts
US11727410B2 (en) Method and apparatus for improving security of a computer network utilizing simple mail transfer protocol (SMTP)
US20200296082A1 (en) Email-based authentication for account login, account creation and security for passwordless transactions
US11775948B2 (en) System and method for two-click validation
US10250535B2 (en) Email based e-commerce using embedded forms
US20170148011A1 (en) Web-based checkout and alternate login based on secure identifiers and alternate link formats
US20240127254A1 (en) Method and apparatus for improving security of a computer network utilizing simple mail transfer protocol (smtp)

Legal Events

Date Code Title Description
AS Assignment

Owner name: @PAY IP HOLDINGS LLC, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KASSEMI, JAMES;WALZ-BURKETT, DAVE;PERSON, CHAD;REEL/FRAME:033764/0814

Effective date: 20140820

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION