CA 02300347 2000-03-10
TITLE OF INVENTION
Client-Centered Secure E-Commerce
TECHNICAL FIELD OF THE INVENTION
This invention relates to electronic commerce transactions. In
particular this invention relates to the provision of a secure means of
transacting purchases of goods and services without requiring disclosure
of a purchaser's confidential personal financial information to merchants.
BACKGROUND OF THE INVENTION
Retail transactions are increasingly conducted electronically over
the Internet. Such transactions generally require direct payment by the
consumer to the merchant using a credit card or debit card payment
method. The transfer of confidential financial information to a variety of
merchants through such transactions presents a risk of theft and fraudulent
use of the information. Such a risk is potentially financially harmful to the
consumer whose information is mis-used, and the possibility of such theft
or fraud discourages consumers from engaging in electronic transactions,
thereby limiting the potential of e-commerce.
The client-centered secure E-commerce business model process of
the present application is designed to enable a client to make a purchase
from a merchant without having to transfer any personal banking
information to the merchant. The invention will assist in preventing
commerce transaction fraud by placing transactions entirely in the hands of
authenticated clients and their banks. By providing a higher standard of
security for all parties involved in a transaction, the invention will benefit
merchants, financial institutions and purchasers.
It is therefore an object of the present invention to provide a
business model and method which will enable secure e-commerce
transactions.
It is a further object of this invention to provide such a business
model and method in which confidential financial and identification
information is registered with and managed by an on-line intermediary
which acts as an intermediary between a consumer, merchants and
financial institutions to quickly complete a transaction without disclosing
the consumer's personal financial information to the merchant.
These and further objects of the invention will be appreciated by
reference to the summary of the invention and to the detailed description of
the preferred and alternative embodiments which follow.
SUMMARY OF THE INVENTION
According to the invention, an intermediary is interposed between a
merchant or payee and a purchaser or payor in a commercial transaction,
particularly an electronic commerce transaction. The intermediary retains
personal banking or credit information of the purchaser or payor. Upon
request of the purchaser or payor, the intermediary acquires information
regarding the transaction or payment to be executed, and the intermediary
deals with securing the appropriate authorization from a financial institution
on the purchaser/payor's behalf without the purchaser needing to disclose
personal banking information to the merchant/payee. The authorization
received from the financial institution is provided to the merchant/payee.
In one aspect, the invention is a method of effecting payment
between a payor and a payee in an electronic commerce transaction over
a communication network, comprising the steps of an intermediary
acquiring from the payor personal banking information regarding a financial
institution through which payment is to be effected, the intermediary
providing to the financial institution banking information regarding the
payor and requesting and receiving from the financial institution a payment
or credit authorization, and the intermediary informing the payee of said
payment or credit authorization.
In another aspect, the invention is a method of effecting an
electronic commerce transaction between a purchaser and a merchant
over a communication network, comprising the steps of an intermediary
acquiring from the purchaser personal banking information regarding a
financial institution through which payment for the transaction is to be
effected, the purchaser selecting a product or service from the merchant,
the purchaser instructing the intermediary to complete the transaction
according to a method of payment accepted by the selected merchant, the
intermediary informing the merchant that a purchaser wishes to purchase
the selected product or service. The intermediary confirms the desired
transaction with the purchaser, provides the information to the financial
institution, requests and obtains authorization of payment or credit for the
purchase price by the financial institution. The intermediary then informs
the merchant of the authorization. The merchant confirms the purchase
order with the financial institution and the financial institution sends
payment to the merchant.
In yet another aspect, the invention is a method of facilitating
payment in a payor-driven electronic commerce transaction on a
communication network, comprising the steps of forwarding to a financial
institution a request for authorization of payment or credit comprising
personal banking information of the payor, payment amount information, a
merchant identification number and a transaction number, receiving from
said financial institution confirmation that an authorization number has
been dispatched to said merchant, and dispatching to a merchant a
transaction number and order information without providing said personal
banking information.
Other aspects of the invention will be more fully appreciated
by reference to the following detailed description of the preferred and
alternative embodiments and to the claims by which the exclusive rights to
the invention are defined.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1A and Fig. 1B are a flowchart describing the electronic
commerce business model and method according to the invention;
and,
Fig. 2A and Fig. 2B are a flowchart describing a second embodiment
of the invention.
DETAILED DESCRIPTION OF THE PREFERRED AND ALTERNATIVE
EMBODIMENTS OF THE INVENTION
In the preferred embodiment of the invention, a consumer conducts
an online transaction by choosing a product or service from a selected
merchant and instructing an intermediary to complete the transaction
according to a method of payment accepted by the selected merchant.
The intermediary confirms the client status of the consumer. The
intermediary confirms the order with the client, provides credit information
to a selected financial institution and requests authorization of payment of
the purchase price by the financial institution to the merchant. If such
payment is authorized by the financial institution, the intermediary informs
the merchant, who confirms the purchase order with the financial
institution. The financial institution sends authorization of payment for the
selected goods or services to the merchant. On receipt of authorization of
payment, the merchant delivers the goods or services to the client.
In the preferred embodiment, the intermediary's role is performed by
the intermediary's application server in the Internet environment, and
suitable software is provided to implement the functionality described
below.
In the preferred embodiment, the system according to the invention
comprises a series of information exchanges. A purchaser operating a
computer, palm pilot, or any other device capable of handling an e-
commerce transaction, visits the web catalog site of a participating
merchant, selects the products or services to be purchased, and clicks on
a virtual button to select payment through the online intermediary. A form
is displayed on the purchaser's Internet access terminal or other device
requesting the purchaser to enter a pin number, password, bio-encrypted
information or other identifier to authenticate the purchaser as a client of
the application service provider, and requiring the purchaser to select the
form or method of payment. The information is then forwarded to the
intermediary's application server.
The application server will pull the client's name and address from
the server database and will pull the order information (1) from the
merchant site. The application will then assign a unique transaction
number (2) to the transaction. The application server will then obtain from
the participating merchant or from the application server's database the
merchant number used for transactions with the financial institution. Such
merchant numbers are typically encrypted for transmission and may be
stored in encrypted form.
The application server will then ask the client if they wish to proceed
with the transaction. If the reply is negative, the transaction will be
aborted.
If the reply is affirmative, the client's encrypted personal credit
information (4) will be added to the transaction record, obeying the encryption
protocols appropriate to the financial institution which the client has
selected for the payment transaction.
The application will then configure a credit authorization request
comprising at least the amount of credit to be authorized and the merchant
number. Preferably such request also includes the application-generated
transaction number. In addition, the credit authorization request comprises
one or more of a credit card number, an expiry date, a bank account
number, a personal identification number, a password. It will be
appreciated that the specific nature of the information to be included is a
function of the requirements of the financial institution.
The application server will then forward the authorization request to
the financial institution stipulated by the client for authorization. If not
authorized, the transaction will be aborted and the client notified. If the
transaction is authorized, the financial institution will generate an
authorization number (5), the financial institution's unique transaction
number and the application-generated transaction number and will forward
them to the application server. Typically such information is encrypted for
transmission. In such cases the financial institution will enable the
recipients of the information to decrypt that information following Secure
Multipurpose Messaging Extension (S/MIME) or other such standards or
protocols.
At this juncture the application server will forward to the merchant
the information received from the financial institution as well as details of
the product order and price, the application-generated transaction number,
the authorization number, and the financial institution's unique transaction
number.
The application server then provides the delivery information to the
merchant from the database of client information in the intermediary's
application server. The financial institution will authorize payment to the
merchant and the merchant will deliver the goods to the client.
Where a non-client consumer requests the services of the
intermediary, the purchase is not transacted but the consumer is invited to
apply for client status. Client status is obtained by provision of
identification and financial information by the consumer to the intermediary.
Such information is retrievably stored in a secure database maintained by
the intermediary. The server stores their information in a secure encrypted
environment.
A consumer seeking client status is required to access a dedicated
server. During a one time "write only" authority session, the consumer
provides identification information and personal financial information for all
methods of payment which they anticipate using on-line. For example, a
consumer may enter account numbers and expiry dates for one or more
credit cards issued by one or more financial institutions, or account
information for one or more debit cards or lines of credit. The securely
stored credit information in the database will be encrypted with a
self-destruct mechanism which is interspersed throughout the information and
is part of the information itself such that any illegal copying of the
database will render the information useless.
Similarly the intermediary application will have read only access
to the encrypted credit information of the client. That access will be so
constructed that the client's personal banking and credit information will
also be rendered useless, unless and only if it is accessed using
encryption protocols which have been stipulated by the client in selecting
their method of payment. These protocols may but need not conform to
the encryption protocols which different financial institutions may stipulate.
Any changes to a client's personal financial information and
identification information, such as a change of address, cancellation of a
credit card or registration of a new credit card, can only be made upon re-
entry of client information by the duly authenticated client according to the
invention.
The database managed by the intermediary also includes
registration information pertaining to merchants. Merchants registering
with the intermediary would be required to provide and keep current
information in regard to merchant identification and methods of payment
accepted by the merchant. The intermediary would issue each merchant
an encryption protocol for its exclusive use during transactions. The
process also involves the service provider having a relationship with
merchants such that the merchants' banks are willing to provide their
merchants' numbers in an encrypted form for the activity of order
processing by the application.
Financial institutions would also be registered with the intermediary.
Registered institutions would be willing to authorize a transaction in
response to a client's request through the intermediary, where such
request includes identification of the client, details of the goods or
services
ordered and their price, a unique transaction number, the identification and
encrypted merchant number of the selected merchant and the client's
relevant banking or credit information encrypted according to the selected
financial institution's encryption protocols or as stipulated by the
application.
To initiate a transaction, a client must enter an identifier such as a
pin number, password, bio-encryption or other authentication. As an added
security measure, a protocol will permit only three attempts at entering
the correct identifier or identifiers.
In another embodiment of the invention, the business model
according to the invention would permit a client to request by cell phone or
other transmitting device an authorization through the intermediary. The
intermediary would in turn seek authorization on the client's behalf from the
selected financial institution and transmit a transaction identifying number
to the client, who would provide it to the merchant at point of sale, for
example in a retail outlet or restaurant. The merchant would then enter the
transaction number into their credit transaction modem or other such
device to generate an authorization record for the merchant.
Another embodiment of the invention would release payment to the
merchant once delivery had been encryptically confirmed and would
include depositing the funds on hold pending confirmed satisfactory
delivery of the order. Order confirmation could be provided by, but not
limited to any, none or all of the client, the merchant or the delivery
service.
Similarly judgment concerning the satisfactory nature of the goods
themselves could be provided by any, all or none of the client, the
merchant or the delivery service.
In another embodiment of the invention (illustrated by the flowchart
of Fig. 2), the application makes provision for the fact that the financial
institution may not wish to forward to an intermediary a transaction
authorization and the financial institution's unique transaction number. In
this embodiment, the financial institution dispatches such information
directly to the merchant in response to the authorization request from the
application server. At the same time, the financial institution would return
to the application server the application-generated transaction number
along with an indication that an authorization number has been dispatched.
The application then sends to the merchant the application-generated
transaction number along with the other information needed by the
merchant to complete the purchase. This preferably includes details of the
product order, price and delivery information.
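Added example, not part of the patent text: a Python model of the message flow of the preferred embodiment (Fig. 1) and of the alternative embodiment just described (Fig. 2), which checks that no message reaching the merchant carries the client's banking information. The field names, the credit limit, the sample data and the function names are constructed for illustration; encryption, client authentication and the client's confirmation step are not modelled.

```python
import secrets

# Constructed sample data; the field names are assumptions, not from the patent.
SAMPLE_CLIENT = {"card_number": "4111111111111111", "expiry": "12/01",
                 "address": "1 Example St"}
SAMPLE_ORDER = {"item": "book", "amount_cents": 2500}
BANKING_FIELDS = {"card_number", "expiry", "account_number", "pin", "password"}
CREDIT_LIMIT_CENTS = 50_000  # constructed limit so that a refusal can be shown


def financial_institution(req, direct_to_merchant):
    """Hypothetical FI. Returns (reply to intermediary, message to merchant or None)."""
    if req["amount_cents"] > CREDIT_LIMIT_CENTS:
        return {"app_txn": req["app_txn"], "authorized": False}, None
    auth = {"auth_number": secrets.token_hex(4), "fi_txn": secrets.token_hex(6)}
    if direct_to_merchant:
        # Fig. 2: the FI sends its numbers straight to the merchant and tells the
        # intermediary only that they were dispatched. Tagging the FI's message
        # with app_txn so the merchant can correlate is an assumption.
        reply = {"app_txn": req["app_txn"], "authorized": True, "auth_dispatched": True}
        return reply, {"app_txn": req["app_txn"], **auth}
    return {"app_txn": req["app_txn"], "authorized": True, **auth}, None


def run_transaction(order, client, merchant_number, direct_to_merchant=False):
    """Intermediary side. Returns every message the merchant receives."""
    app_txn = secrets.token_hex(8)  # application-generated transaction number
    request = {"amount_cents": order["amount_cents"], "merchant_number": merchant_number,
               "app_txn": app_txn, "card_number": client["card_number"],
               "expiry": client["expiry"]}
    reply, fi_to_merchant = financial_institution(request, direct_to_merchant)
    if not reply["authorized"]:
        return []  # aborted: nothing is sent to the merchant
    to_merchant = {"app_txn": app_txn, "order": order, "deliver_to": client["address"]}
    if not direct_to_merchant:
        # Fig. 1: the intermediary relays the FI's numbers itself.
        to_merchant.update(auth_number=reply["auth_number"], fi_txn=reply["fi_txn"])
    messages = [m for m in (fi_to_merchant, to_merchant) if m is not None]
    for message in messages:
        # The property the scheme depends on: no banking data leaves for the merchant.
        leaked = BANKING_FIELDS & set(message)
        if leaked or client["card_number"] in repr(message):
            raise ValueError(f"banking data in merchant message: {sorted(leaked)}")
    return messages


if __name__ == "__main__":
    for direct in (False, True):
        for msg in run_transaction(SAMPLE_ORDER, SAMPLE_CLIENT, "M-001", direct):
            print("fig2" if direct else "fig1", sorted(msg))
```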
In stipulating various keys, merchant numbers, authentication and
identification protocols, the present invention does not preclude the
inclusion of such keys, codes, merchant numbers and other such
identifiers as may be mandated by financial institutions, government
agencies or any other such regulatory bodies regarding protocols for
E-commerce transactions in differing jurisdictions worldwide.
For example, the preferred and alternative embodiments relate to
obtaining credit from a financial institution. However the principles of the
invention also apply with suitable modification to other types of
transactions involving the transfer of payment from a financial institution to
a merchant at the request of a payor. Examples include arranging for the
debit from a bank account or the transfer of funds from one financial
institution to another (the second financial institution being substituted for
the merchant).
It will be appreciated that the invention has been described in
relation to the preferred embodiment but that certain variations thereto may
be practised without departing from the spirit and principles of the
invention.