WO2000055777A1 - Method and system for secure on-line shopping - Google Patents

Method and system for secure on-line shopping Download PDF

Info

Publication number
WO2000055777A1
WO2000055777A1 PCT/NO2000/000092 NO0000092W WO0055777A1 WO 2000055777 A1 WO2000055777 A1 WO 2000055777A1 NO 0000092 W NO0000092 W NO 0000092W WO 0055777 A1 WO0055777 A1 WO 0055777A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
payment
vendor
customer
services
Prior art date
Application number
PCT/NO2000/000092
Other languages
French (fr)
Inventor
Ilya Kruglenko
Original Assignee
JØLSTAD, Lars
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JØLSTAD, Lars filed Critical JØLSTAD, Lars
Priority to EP00915594A priority Critical patent/EP1177516A1/en
Priority to AU36833/00A priority patent/AU3683300A/en
Publication of WO2000055777A1 publication Critical patent/WO2000055777A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems

Definitions

  • the present invention relates to a method and a system for secure on-line transactions.
  • the invention relates to such transactions performed over a public communications network such as the Internet.
  • the customer may not know if the vendor can be trusted not to use the credit card information unfairl ⁇ . and whether the vendor stores the credit card information gathered from his customers in a secure manner. In many cases it may turn out to be easier to steal an entire database of credit card information through a break in into a vendor's system than to intercept individual card data transmitted over the Internet.
  • the present invention relates to a payment system that provides customer as well as vendor with higher security without introducing unnecessary burden- some tasks for either.
  • a customer is able to pay for goods or services using his credit card with a greatly reduced risk of having his credit card information compromised.
  • the method provides the vendor with an opportunity to accept credit card payment without actually being registered with each and every operator of credit cards, debit cards, smart cards and the like.
  • credit cards it must be understood that this is intended to cover any kind of credit card, debit card, credit or debit account, smart card or the like.
  • a customer has access to a computer network, such as the Internet, through his computer.
  • a computer network such as the Internet
  • computers Also connected to this computer network is a number of computers containing information regarding goods and/or services offered by any number of providers. E.g. this information can be available through so called web pages set up by the providers, hereinafter referred to as vendors, on computers that act as web servers.
  • vendors the providers
  • web pages set up by the providers, hereinafter referred to as vendors
  • vendors computers that act as web servers.
  • Currently the most common way of presenting such information is through hypertext markup language (html) files (often combined with the use of scripts (Perl/CGI) and Java applets), the hypertext transfer protocol (http) and TCP/IP (Transmission Control Protocol/Internet Protocol).
  • HTML hypertext markup language
  • http Hypertext transfer protocol
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • a customer retrieves information regarding the goods or services offered by a vendor from the computer network, this information will be presented to him on his computer.
  • the customer selects any product or service he wants to purchase, and information regarding this is sent from the customer ' s computer to the vendor ' s computer along with any information necessary for shipment, such as the customer ' s name and address and/or shipment address.
  • This information can be provided by the customer at the time, or it can be stored in his computer ahead of time, always ready to be added to any transmission of ordering information.
  • the customer is already registered with the vendor, the customer ' s name and address may already be stored in the vendor ' s computer, and the customer information transmitted will in this case only include a reference to this information. This may be implemented through a so called cookie stored on the user ' s computer.
  • information required for the processing of the payment is sent back to the customer.
  • This information may include the total amount the customer is supposed to pay. a reference identifying the filed order, a reference identifying the vendor and any other relevant information, such as specification of goods ordered etc.
  • the vendor does not have to be registered with any credit card company, but he must have an account with a payment system that consists of one or more payment centers.
  • the vendor identification identifies the vendor uniquely to this payment system.
  • the customer terminates the connection to the vendor. If the customer is connected to the computer network by a modem, the modem simply hangs up. The customer then enters the necessary payment information, which can for example include credit card number, expiration date. or.
  • a connection is then established between the customer ' s computer and a computer at a designated payment center which constitutes or is part of the above mentioned payment system.
  • This connection is not established over the public computer network used for communication between the customer and the vendor, but through a relatively secure data channel, for example the customer ' s modem dials up a direct connection to the payment center using the public telephone network, and preferably encrypted.
  • the information is sent over a public computer network, but strongly encrypted, and possibly in the form of an e- mail message. The ordering information along with the credit card information is now transferred to the payment center.
  • This information may then include vendor identification, order identification, total amount, customer name, address and credit card information and the customer ' s e- mail address, and constitutes a payment approval request.
  • the payment center directly or through the payment system of which it is part, requests payment authorization from the credit card operator indicated by the customer ' s credit card information, or from some authorization authority approved by the credit card operator.
  • This authorization authority will hereinafter be referred to as the payment authorization system, and this may include a credit card operator, a debit card operator or anyone else with whom the customer has set up some kind of an account, as well as any authority authorized one or more such entities.
  • the payment system is able to choose the relevant authority out of any number of such authorities based on customer information such as for example credit card information.
  • the request is preferably transmitted over a secure connection, such as a dedicated line.
  • the payment system does not receive the requested authorization, the transaction is canceled. Information regarding this could be transmitted to the customer and/or the vendor, or the payment system may simply neglect to respond and the ongoing transaction may be canceled at the customer and vendor locations after a set time limit.
  • the payment system may simply neglect to respond and the ongoing transaction may be canceled at the customer and vendor locations after a set time limit.
  • the payment center does receive the requested authorization, the following actions are performed by the payment system.
  • the payment system transmits a shipment approval to the vendor. It is important that the vendor is able to verity that the shipment approval actually originated with the payment system, so the shipment approval will preferabh be signed digitally. This can be done in a number of s. e.g. through use of a public key/private key system, through some mutual h trusted verification agency or in any other manner of digital signature know n in the art. Since the information transmitted from the payment system to the vendor does not contain confidential information, the connection can be made through a public network such as the Internet. If necessary, the payment system then terminates the connection with the vendor and waits for funds to be transferred from the credit card operator.
  • the vendor delivers the purchased goods or services in exchange for the voucher. If the goods or services purchased are deliverable over the Internet, such as software or information, the exchange can be implemented automatical! ⁇ '. If this is not possible, the customer will hand over the voucher upon delivery of the goods or services.
  • the vendor will of course not have precise knowledge of the voucher in advance. He will however preferably be able to verify that the voucher is indeed issued as part of the relevant transaction. This can be done by including the transaction identification in the voucher, since this will not be known to any third party trying to obtain the goods or services by presenting a false voucher. It is also possible for the payment system to transfer some information relating to the voucher along with the shipment approval, such as the checksum of the voucher number or some other means of verifying that the voucher is a voucher actually relating to the relevant transaction.
  • the vendor transfers the voucher to the payment system, the amount authorized by the credit card company will be transferred to the vendor, possibly less a commission kept by the payment system and any possible fees or royalties to third parties as the result of any licenses or copyrights relating to the product.
  • the ordering information is not sent from the customer computer to the vendor computer directly, but to the payment system along with the payment information.
  • the payment system then forwards this order information to the vendor along with the delivery approval upon receipt of the requested payment authorization, the delivery is then made by the vendor solely based on information received form the payment system.
  • FIG. 1 shows a possible configuration of an on-line shopping system using the method according to the present invention.
  • Fig. 2 shows an alternative configuration of an on-line shopping system where the payment system consists of several local payment centers.
  • Fig. 3 shows a flowchart of the method according to the present invention.
  • Fig. 4 shows a flowchart of an alternative method according to the present invention.
  • a system for on-line shopping includes a customer ' s computer 1 connected to a public network 2 such as the Internet. Also connected to this network is a number of vendors ' computers 3. Only one such computer is shown. These computers contain information presenting goods and/or services available from the vendors, e.g. in the form of web pages. Based on the information available to him in this way. a customer can file an order with the vendor by transmitting this order to the vendor's computer system. This may not necessarily be the same computer used to present the product information; it may also be a different computer set up to handle orders. Included in the on-line shopping system is also a payment system 4.
  • This system is set up to handle payment, and all vendors must be registered with this payment system.
  • a vendor registered with the payment system will receive a unique vendor ID.
  • the system may be a centralized system run by only one operator, or it may be a network of payment centers run by several operators. Of course it may also be run by one operator, but consist of several distributed local payment centers.
  • payment system will be used to refer to the whole payment system whether this is distributed or centralized, and payment center will be used to refer to the local payment center where vendor ' s are registered and to which customers connect, whether such a center constitutes the whole of the payment system or only a part of it.
  • the payment system 4 is able to communicate with one or more payment authorization systems 5.
  • the dotted lines surrounding the payment authorization system 5 shown in Fig. 1 indicates that there may be only one such authorization center, or there may be several, e.g. one for each credit card the payment system is able to accept.
  • the communication channel between the customer computer 1 and the payment system 4 is preferably a relatively secure line, such as a dial up connection using the customers modem l b.
  • the communication channel between the payment system 4 and the payment authorization center is preferably a secure channel such as a dedicated line.
  • the communication channel between the payment system 4 and the vendor computer 3. need normally not be a secure line, and can be a public network such as the Internet.
  • Fig. 2. where a possible alternative configuration of an on-line shopping system is shown. Reference numbers identical to those found in Fig. 1 refer to the same or similar parts of the system.
  • the payment system 4 consists of several local payment centers 1 1. 12 as well as a database 13 and a computer network 14 connecting these.
  • a customer connects to the payment system 4.
  • he connects to his local payment center 1 1 .
  • a vendor w ishing to register with the payment system 4. registers with his local payment center 12. and receives a vendor ID that identifies him uniquely to the payment system 4. It is of course possible for all the local payment centers 1 1.
  • the database may contain all vendor IDs or only a table relating a given vendor ID to the right payment center. Information from the payment system 4 to a given vendor will then be sent to the vendor ' s payment center to be distributed.
  • the network 14 connecting the local payment centers 1 1 , 12 and database(s) 13 that constitutes the payment system 4. will normally not need to be a secure network, since all confidential information is transmitted between the customer computer 1 and the local payment center 1 1 and between the local payment center 1 1 and the payment authorization system 5. It is however possible to modify the payment system by distributing tasks in a different manner, and the need for secure communication may then arise within the payment system. It is for instance possible to let the local payment center connect to the payment authorization center through other computers in the payment system.
  • a potential customer is connected to a public computer network 2 such as the Internet, through his computer 1.
  • a public computer network 2 such as the Internet
  • the customer retrieves information that is available on the network from a vendor computer 3.
  • this information may be presented in the form of HTML documents, or in any other convenient format, and transferred over the computer network by way of any well known protocol, such as TCP/IP.
  • a next step 102 the customer selects any goods and/or services he might be interested in. and transfers order information to the vendor. Again there are several options for transferring this information. If the customer is already registered with the vendor, he may be identified to the vendor e.g. by so called cookies already stored on his computer and the customer may simply click on the items he wants to purchase. Other options include for example filling in an order form with necessary order data such as customer name, address and delivery address, and pressing a send button. The information may be transferred by way of the http protocol, or by any other suitable protocol.
  • the vendor computer 3 receives the order information from the customer computer 1.
  • an order ID is generated and transferred to the customer computer 1 along with a vendor ID. a total amount and any other relevant information.
  • the customer may disconnect from the public computer network 2 that interconnects his computer 1 and the vendor computer 3. This may be done automatically by software running on his computer 1.
  • the customer is ready to pay. he will be presented with a dialog box where he is requested to fill in personal information such as name, address and credit card information (referred to collectively as customer ID in Fig. 3 ).
  • customer ID in Fig. 3 Some of this information may already be present in the information transmitted from the vendor computer to the customer computer, and in that case the customer will only have to supply the information not already available in this way.
  • This payment information may already be stored on the customer computer in a preferably encrypted file. In that case all the customer has to do is to confirm his intention to pay. Alternatively the customer may be registered with the payment system 4 or a payment authorization system 5 with a debit account, a credit account or something similar, but for convenience it will be assumed in the following description that he is paying with a credit card. Actually any combination of information being entered by the customer, information being extracted from the information received from the vendor computer 3. information being pre stored on the customer computer 1 and information being pre stored in the payment system 4 or payment authorization system 5 is possible. The main thing is to make sure that the credit card information is not made available to the vendor and that the order information from the vendor is accurate when processed by the payment system. The payment information entered by the customer, along with the vendor ID, the order ID and the total amount, is then transferred 104 to the payment system 4. preferably in encrypted form.
  • the payment system 4 Upon receiving this information, the payment system 4 requests authorization from the payment authorization system 5 by transferring 105 credit card information and total amount to the payment authorization system 5.
  • the payment authorization system 5 may be one out of many, depending on what system has authority to authorize payment on the credit card specified by the customer.
  • a next step 106 the payment system will either receive the requested authorization, or authorization is denied. If authorization is denied, the transaction is terminated 107. This may be communicated to the user and possibly also the vendor, or the transaction may simply be terminated in the different computers if the transaction does not proceed within a given time. If the transaction is authorized by the payment authorization system 5, the payment system in a next step 108 generates a voucher and transfers this to the customer computer. The connection between the payment system and the customer computer may then be terminated. The payment system also generates a delivery approval and transfers this to the vendor. If the payment system is distributed, the payment center 1 1 that is handling the transaction may have to look up the address of the vendor in a database 13.
  • This address may include a network address for the vendor computer, an actual mail address, an e-mail address, a telefax number or any other vendor address to which the payment system 4 is able to send a message.
  • the payment center 1 1 may be able to retrieve this address directly, or the vendor ID will only refer to the address of another payment center 12. If the latter is the case, the payment center 1 1 handling the transaction will transfer the delivery approval to the payment center 12 referred to by the vendor ID. and this payment center 12 w ill forward the delivery approval to the vendor 3.
  • the delivery approval does not contain confidential information, and may therefore be transferred over a public network such as the Internet.
  • the delivery approval is therefore preferably signed by a digital signature.
  • a digital signature can be generated in a number of well known ways. e.g. by way of a public key/private key encryption algorithm.
  • the vendor delivers goods and/or services to the customer, preferably in exchange for the voucher. If the goods and/or services constitutes information, software or something else that may be transferred over a computer network, this exchange may be done automatically. If not. the goods or services may be exchanged for the voucher manually. In some implementations of the invention it may however be necessary to forego the exchange and simply deliver the goods and/or services simply based on the delivery information and the delivery approval. This might for instance be the case when the delivery address is not the same as the address of the customer.
  • the vendor After receiving the voucher, the vendor transfers 1 10 this to the payment system.
  • the payment system 4 receives the voucher, the funds will be transferred to the vendor, and the transaction is completed. If the vendor has not received the voucher, he will simply make a claim that the delivery has been made. In this case the payment center will credit the vendor for example after a given period of time unless the customer does not make a counterclaim stating that the ordered goods and/or services has not been delivered.
  • Figure 4 shows a flowchart that represents an alternative to the embodiment as described with reference to Fig. 3.
  • the customer receives information from the vendor regarding available goods and/or services as well as prices in a first step 201. This information includes vendor information such as a vendor ID. Based on this information the customer selects 202 goods and/or services he wants to purchase.
  • the customer When the customer is ready to order, he provides the necessary customer information as mentioned above, and this information along w ith the ordering information is transferred 203 to the payment system.
  • the ordering information regarding the ordered product is not filed directly with the vendor, but with the payment system.
  • a next step 204 the payment system requests payment authorization in the same manner as described above. If the payment system receives positive payment authorization information in step 205. a voucher is generated 207 and transferred to the customer computer as described above. Likewise a delivery approval is generated and transferred to the vendor computer, along with the ordering information, such as delivery address and information identifying the ordered goods and/or services.
  • the vendor delivers 208 - the ordered goods and/or services, preferably in exchange for the voucher.
  • the vendor transfers 209 a claim, preferably including the voucher, to the payment center.
  • the payment system then credits 210 the vendor, possibly after a certain period that gives the customer a chance to claim that the goods and/or services have not been delivered.
  • This particular embodiment is particularly convenient when the vendor is selling products that are deliverable over a public computer network such as the Internet.
  • the customer may then download such a product in a trial version, possibly as part of retrieving information from the vendor in step 201. or in advance of the whole process described. This trial version.
  • a product may include computer software, music, data, multimedia presentations etc.
  • the goods actually purchased through the method according to the present invention, and delivered from the vendor after receipt of a delivery approval from the payment system, may then be a key that unlocks the trial version after the expiry of the trial period and converts it to a regular version of the product. It should be pointed out that this scheme may be used also regarding trial versions that are distributed by other means, such as on CD ROM or diskettes.
  • the second embodiment may also be used for any other goods or services as an alternative to the first embodiment. It is important to note some of the security features as well as the flexibility provided by the method according to the present invention. Vendors that wish to offer their products over a computer network such as the Internet only have to set up an account with the payment system, without any approval from credit card companies. The payment system, however, will be registered with credit card companies, and the credit card companies makes the payments to the operator or one of the operators of the payment system. In this way. any company, small or large, or even a private individual, that wishes to sell almost anything over the Internet, may do so fairly simply.
  • the customer may not withhold payment by not handing over the voucher after receiving the ordered goods and/or services.
  • the payment will be held by the payment system until the voucher is received from the vendor. If the vendor does not receive the voucher in exchange for delivered goods, he may make a claim to the payment system, which may then hold the money until any conflict between customer and vendor has been resolved, or the payment system may release the payment to the vendor if the customer does not respond within a given time after having been notified that the vendor demands payment without being able to present the voucher.
  • the customer may make such a claim to the payment system which will then return the funds to the customer, unless the payment system receives the voucher or a claim that delivery has been made from the vendor within a given time. In case of a conflict, the payment system may withhold the funds until the conflict has been resolved.
  • the voucher In order for the vendor to make sure that the voucher he is given in exchange for the goods or services is genuine, the voucher should identify the order ID, since this will not be known to any impostor trying to obtain the goods or services in the name of the actual customer. Additional security can be provided by including with the approval information transferred from the payment system to the vendor, information that allows for the authentication of the voucher.
  • the order information transferred from the vendor computer to the customer computer and forwarded to the payment system by the customer may be tamper proof such that any modification to this information will be detected by the payment system.
  • the delivery approval information transferred from the pay ment system to the vendor may include information on paid amount so that the vendor is able to confirm that the funds held by the payment system corresponds with the total amount for the given order. Any combination of such security functions may also be implemented, so that any transaction containing inaccurate information may be terminated as soon as possible.
  • any number of communication protocols may be used for transferring information between the different computers and systems that perform the method.
  • what above is described as being one computer, for instance the vendor computer, may in fact be several computers that are interconnected by some well known means and that perform different steps of the method.
  • the payment authorization system and the payment system may be operated by the same organization or legal entity, and may even be running on the same system or the same computer. If encryption and/or digital signatures are used, any of the well known algorithms or methods known in the art may be employed as well as future improvements and modifications to such algorithms and methods.
  • Another possible modification that lies within the scope of the invention is to include certain contract information along with the order information transmitted from the vendor computer to the customer computer and forwarded to the payment system.
  • This contract information may specify how a certain amount of the payment should not be credited the vendor, but some third party that collects royalty or some other fee from sales of a given product.
  • the third party e.g. a publishing company, an artist, an inventor or anyone else who owns rights related to the product delivered by the ⁇ endor. will not be dependent on the honesty of the vendor, since all sales w ill involve the payment center.
  • the individual or organization claiming the fee will be able to check that the vendor actually sends the correct contract information as part of the order information simply by placing an order and checking the order information received from the vendor.
  • Funds may be transferred immediately upon receipt of the voucher, or a certain period of time after a claim has been made by the vendor and no counter claim has been made by the customer. It is also possible to wait until funds have actually been transferred from the credit card company to the payment system. A number of modifications to this scheme is possible and will be realized by anyone with the relevant skills for implementing the method according to the invention.

Abstract

A method for performing secure on-line transactions in a system which at least includes one or more customer computers (1), one or more vendor computers (3), a payment system (4) with which the vendors are registered, and a payment authorization system (5), is described. The method includes such steps as transferring information regarding available products from a vendor computer (3) to a customer computer (1), and transferring order information to the vendor computer (3) either directly or by way of the payment center (4). Further the method includes sending payment information from the customer computer (1) to the payment center (4). Following an approval from the payment authorization system (5), the payment system (4) sends a voucher to the customer computer (1), and a delivery approval accompanied by relevant order information to the vendor computer (3). The vendor then delivers the ordered product, possibly in exchange for the voucher. After receiving a claim from the vendor that the delivery has been made, possibly including the voucher, the payment system (4) handles the debiting of the customer and the crediting of the vendor. Also described is a system for implementing the described method.

Description

Method and system for secure on-line shopping
The present invention relates to a method and a system for secure on-line transactions. In particular, the invention relates to such transactions performed over a public communications network such as the Internet.
The phenomenal growth of the Internet has prompted more and more businesses to establish a presence on the Internet, primarily in the form of so called web pages. However, the expected growth of business actually conducted over the Internet has not shown a similar growth, and the main reason for this is that no satisfactory standard for payment of goods and services over the net has been established. Today the most convenient payment method is payment by credit card, but the transmission of card information over the Internet is insecure and is generally discouraged
Figure imgf000003_0001
card operators. Other disadvantages with the use of credit cards over the Internet include the fact that the vendor or service provider with which a customer wants to do business must be registered with the card operator who has issued the customer's credit card in order to be able to accept it. Furthermore, even if the credit card information is transferred to the vendor without being compromised, the customer may not know if the vendor can be trusted not to use the credit card information unfairl} . and whether the vendor stores the credit card information gathered from his customers in a secure manner. In many cases it may turn out to be easier to steal an entire database of credit card information through a break in into a vendor's system than to intercept individual card data transmitted over the Internet.
Alternatives to ordinary credit card payment include different forms of electronic cash and cryptographic systems that simply have turned out to be to complex to appeal to the general customer.
With the systems mentioned above, the disadvantage is usually with the customer. Compromised credit card information, dishonest vendors that charge but do not deliver and goods that are damaged in transit and delivered in a poor condition after payment has been made in full, leaves the customer in a situation where he or she will want to be reimbursed, something that can prove difficult. On the other hand, payment on delivery will often prove dissatisfactory to the vendor who will suffer through late or no payment, or the refusal of the customer to accept the goods.
To complicate matters further, the customer and the vendor often resides in different countries. Any conflict relating to problems as the ones mentioned above will therefore be difficult and expensive to resolve, and due to different legislation in different countries, the parties may not be aware of what rights and duties they actually have.
The present invention relates to a payment system that provides customer as well as vendor with higher security without introducing unnecessary burden- some tasks for either. Through the steps of the method of the invention, a customer is able to pay for goods or services using his credit card with a greatly reduced risk of having his credit card information compromised. At the same time, the method provides the vendor with an opportunity to accept credit card payment without actually being registered with each and every operator of credit cards, debit cards, smart cards and the like. When in the following description reference is made to credit cards, it must be understood that this is intended to cover any kind of credit card, debit card, credit or debit account, smart card or the like.
The particular benefits of the present invention are achieved through the steps described in claim 1. respectively in claim 18. A system for implementing the method is described in claim 35. Additional steps and features are described in the dependent claims.
According to the invention, a customer has access to a computer network, such as the Internet, through his computer. Also connected to this computer network is a number of computers containing information regarding goods and/or services offered by any number of providers. E.g. this information can be available through so called web pages set up by the providers, hereinafter referred to as vendors, on computers that act as web servers. Currently the most common way of presenting such information is through hypertext markup language (html) files (often combined with the use of scripts (Perl/CGI) and Java applets), the hypertext transfer protocol (http) and TCP/IP (Transmission Control Protocol/Internet Protocol). Other ways of making the information available to customers is of course possible, through any number of data formats and communication protocols available. To one skilled in the art it will be obvious that other ways oi" presenting and transferring the relevant information are possible.
When a customer retrieves information regarding the goods or services offered by a vendor from the computer network, this information will be presented to him on his computer. The customer then selects any product or service he wants to purchase, and information regarding this is sent from the customer's computer to the vendor's computer along with any information necessary for shipment, such as the customer's name and address and/or shipment address. This information can be provided by the customer at the time, or it can be stored in his computer ahead of time, always ready to be added to any transmission of ordering information. If the customer is already registered with the vendor, the customer's name and address may already be stored in the vendor's computer, and the customer information transmitted will in this case only include a reference to this information. This may be implemented through a so called cookie stored on the user's computer.
When the vendor receives the ordering information, information required for the processing of the payment is sent back to the customer. This information may include the total amount the customer is supposed to pay. a reference identifying the filed order, a reference identifying the vendor and any other relevant information, such as specification of goods ordered etc. The vendor does not have to be registered with any credit card company, but he must have an account with a payment system that consists of one or more payment centers. The vendor identification identifies the vendor uniquely to this payment system. At this point, the customer terminates the connection to the vendor. If the customer is connected to the computer network by a modem, the modem simply hangs up. The customer then enters the necessary payment information, which can for example include credit card number, expiration date. or. if this information is pre-stored on his computer on a preferably encrypted file, he simply confirms his intention to pay for the goods or services he has just ordered. A connection is then established between the customer's computer and a computer at a designated payment center which constitutes or is part of the above mentioned payment system. This connection is not established over the public computer network used for communication between the customer and the vendor, but through a relatively secure data channel, for example the customer's modem dials up a direct connection to the payment center using the public telephone network, and preferably encrypted. Alternatively the information is sent over a public computer network, but strongly encrypted, and possibly in the form of an e- mail message. The ordering information along with the credit card information is now transferred to the payment center. This information may then include vendor identification, order identification, total amount, customer name, address and credit card information and the customer's e- mail address, and constitutes a payment approval request. After receiving and. if necessary, decrypting this request, the payment center directly or through the payment system of which it is part, requests payment authorization from the credit card operator indicated by the customer's credit card information, or from some authorization authority approved by the credit card operator. This authorization authority will hereinafter be referred to as the payment authorization system, and this may include a credit card operator, a debit card operator or anyone else with whom the customer has set up some kind of an account, as well as any authority authorized one or more such entities. The payment system is able to choose the relevant authority out of any number of such authorities based on customer information such as for example credit card information. The request is preferably transmitted over a secure connection, such as a dedicated line.
If the payment system does not receive the requested authorization, the transaction is canceled. Information regarding this could be transmitted to the customer and/or the vendor, or the payment system may simply neglect to respond and the ongoing transaction may be canceled at the customer and vendor locations after a set time limit. Anyone with ordinary skill will realize that there are a number of ways to cancel the ongoing transaction, and that choosing one over another is simply a matter of implementation.
If on the other hand the payment center does receive the requested authorization, the following actions are performed by the payment system. First a unique voucher is generated by the payment system, based on the relevant transaction data. This voucher is transferred to the customer over the relatively secure line between the customer and his local payment center. This connection is then terminated. The payment system then transmits a shipment approval to the vendor. It is important that the vendor is able to verity that the shipment approval actually originated with the payment system, so the shipment approval will preferabh be signed digitally. This can be done in a number of
Figure imgf000007_0001
s. e.g. through use of a public key/private key system, through some mutual h trusted verification agency or in any other manner of digital signature know n in the art. Since the information transmitted from the payment system to the vendor does not contain confidential information, the connection can be made through a public network such as the Internet. If necessary, the payment system then terminates the connection with the vendor and waits for funds to be transferred from the credit card operator.
Following this, the vendor delivers the purchased goods or services in exchange for the voucher. If the goods or services purchased are deliverable over the Internet, such as software or information, the exchange can be implemented automatical!}'. If this is not possible, the customer will hand over the voucher upon delivery of the goods or services. The vendor will of course not have precise knowledge of the voucher in advance. He will however preferably be able to verify that the voucher is indeed issued as part of the relevant transaction. This can be done by including the transaction identification in the voucher, since this will not be known to any third party trying to obtain the goods or services by presenting a false voucher. It is also possible for the payment system to transfer some information relating to the voucher along with the shipment approval, such as the checksum of the voucher number or some other means of verifying that the voucher is a voucher actually relating to the relevant transaction.
After the vendor transfers the voucher to the payment system, the amount authorized by the credit card company will be transferred to the vendor, possibly less a commission kept by the payment system and any possible fees or royalties to third parties as the result of any licenses or copyrights relating to the product.
In an alternative embodiment, the ordering information is not sent from the customer computer to the vendor computer directly, but to the payment system along with the payment information. The payment system then forwards this order information to the vendor along with the delivery approval upon receipt of the requested payment authorization, the delivery is then made by the vendor solely based on information received form the payment system.
The invention will now be described in further detail by way of examples and with reference to the enclosed drawings. Fig. 1 shows a possible configuration of an on-line shopping system using the method according to the present invention.
Fig. 2 shows an alternative configuration of an on-line shopping system where the payment system consists of several local payment centers.
Fig. 3 shows a flowchart of the method according to the present invention. Fig. 4 shows a flowchart of an alternative method according to the present invention.
Referring now to Fig. 1 , a system for on-line shopping is shown. The system includes a customer's computer 1 connected to a public network 2 such as the Internet. Also connected to this network is a number of vendors' computers 3. Only one such computer is shown. These computers contain information presenting goods and/or services available from the vendors, e.g. in the form of web pages. Based on the information available to him in this way. a customer can file an order with the vendor by transmitting this order to the vendor's computer system. This may not necessarily be the same computer used to present the product information; it may also be a different computer set up to handle orders. Included in the on-line shopping system is also a payment system 4. This system is set up to handle payment, and all vendors must be registered with this payment system. A vendor registered with the payment system will receive a unique vendor ID. The system may be a centralized system run by only one operator, or it may be a network of payment centers run by several operators. Of course it may also be run by one operator, but consist of several distributed local payment centers. In the following description, payment system will be used to refer to the whole payment system whether this is distributed or centralized, and payment center will be used to refer to the local payment center where vendor's are registered and to which customers connect, whether such a center constitutes the whole of the payment system or only a part of it. The payment system 4 is able to communicate with one or more payment authorization systems 5. The dotted lines surrounding the payment authorization system 5 shown in Fig. 1 indicates that there may be only one such authorization center, or there may be several, e.g. one for each credit card the payment system is able to accept.
The communication channel between the customer computer 1 and the payment system 4 is preferably a relatively secure line, such as a dial up connection using the customers modem l b. The communication channel between the payment system 4 and the payment authorization center is preferably a secure channel such as a dedicated line. The communication channel between the payment system 4 and the vendor computer 3. however, need normally not be a secure line, and can be a public network such as the Internet.
Reference is now made to Fig. 2. where a possible alternative configuration of an on-line shopping system is shown. Reference numbers identical to those found in Fig. 1 refer to the same or similar parts of the system. In this configuration, the payment system 4 consists of several local payment centers 1 1. 12 as well as a database 13 and a computer network 14 connecting these. In this case, when a customer connects to the payment system 4. he connects to his local payment center 1 1 . In this way he will only have to dial a local number if the connection to the payment system 4 is a dial up connection. A vendor w ishing to register with the payment system 4. registers with his local payment center 12. and receives a vendor ID that identifies him uniquely to the payment system 4. It is of course possible for all the local payment centers 1 1. 12 to distribute all the vendor IDs they have allocated to all the other payment centers 1 1. 12. so that all local payment centers at all times have a complete list of all registered vendors. However, it is also possible to store this information in one or more databases 13 accessible by the payment centers 1 1. 12. In this case, the database may contain all vendor IDs or only a table relating a given vendor ID to the right payment center. Information from the payment system 4 to a given vendor will then be sent to the vendor's payment center to be distributed.
The network 14 connecting the local payment centers 1 1 , 12 and database(s) 13 that constitutes the payment system 4. will normally not need to be a secure network, since all confidential information is transmitted between the customer computer 1 and the local payment center 1 1 and between the local payment center 1 1 and the payment authorization system 5. It is however possible to modify the payment system by distributing tasks in a different manner, and the need for secure communication may then arise within the payment system. It is for instance possible to let the local payment center connect to the payment authorization center through other computers in the payment system.
Referring now to Fig. 3. the method according to the present invention will be described in detail. A potential customer is connected to a public computer network 2 such as the Internet, through his computer 1. In a first step 101. the customer retrieves information that is available on the network from a vendor computer 3. As already mentioned, this information may be presented in the form of HTML documents, or in any other convenient format, and transferred over the computer network by way of any well known protocol, such as TCP/IP.
In a next step 102, the customer selects any goods and/or services he might be interested in. and transfers order information to the vendor. Again there are several options for transferring this information. If the customer is already registered with the vendor, he may be identified to the vendor e.g. by so called cookies already stored on his computer and the customer may simply click on the items he wants to purchase. Other options include for example filling in an order form with necessary order data such as customer name, address and delivery address, and pressing a send button. The information may be transferred by way of the http protocol, or by any other suitable protocol.
When in a following step 103 the vendor computer 3 receives the order information from the customer computer 1. an order ID is generated and transferred to the customer computer 1 along with a vendor ID. a total amount and any other relevant information. When the customer has received this information, he may disconnect from the public computer network 2 that interconnects his computer 1 and the vendor computer 3. This may be done automatically by software running on his computer 1. When the customer is ready to pay. he will be presented with a dialog box where he is requested to fill in personal information such as name, address and credit card information (referred to collectively as customer ID in Fig. 3 ). Some of this information may already be present in the information transmitted from the vendor computer to the customer computer, and in that case the customer will only have to supply the information not already available in this way. At the very least this will include his credit card information. This payment information may already be stored on the customer computer in a preferably encrypted file. In that case all the customer has to do is to confirm his intention to pay. Alternatively the customer may be registered with the payment system 4 or a payment authorization system 5 with a debit account, a credit account or something similar, but for convenience it will be assumed in the following description that he is paying with a credit card. Actually any combination of information being entered by the customer, information being extracted from the information received from the vendor computer 3. information being pre stored on the customer computer 1 and information being pre stored in the payment system 4 or payment authorization system 5 is possible. The main thing is to make sure that the credit card information is not made available to the vendor and that the order information from the vendor is accurate when processed by the payment system. The payment information entered by the customer, along with the vendor ID, the order ID and the total amount, is then transferred 104 to the payment system 4. preferably in encrypted form.
Upon receiving this information, the payment system 4 requests authorization from the payment authorization system 5 by transferring 105 credit card information and total amount to the payment authorization system 5. The payment authorization system 5 may be one out of many, depending on what system has authority to authorize payment on the credit card specified by the customer.
In a next step 106. the payment system will either receive the requested authorization, or authorization is denied. If authorization is denied, the transaction is terminated 107. This may be communicated to the user and possibly also the vendor, or the transaction may simply be terminated in the different computers if the transaction does not proceed within a given time. If the transaction is authorized by the payment authorization system 5, the payment system in a next step 108 generates a voucher and transfers this to the customer computer. The connection between the payment system and the customer computer may then be terminated. The payment system also generates a delivery approval and transfers this to the vendor. If the payment system is distributed, the payment center 1 1 that is handling the transaction may have to look up the address of the vendor in a database 13. This address may include a network address for the vendor computer, an actual mail address, an e-mail address, a telefax number or any other vendor address to which the payment system 4 is able to send a message. Based on the vendor ID the payment center 1 1 may be able to retrieve this address directly, or the vendor ID will only refer to the address of another payment center 12. If the latter is the case, the payment center 1 1 handling the transaction will transfer the delivery approval to the payment center 12 referred to by the vendor ID. and this payment center 12 w ill forward the delivery approval to the vendor 3. The delivery approval does not contain confidential information, and may therefore be transferred over a public network such as the Internet. However, it is important that the vendor is able to verify that the delivery approval was sent by the payment system 4 and not by any dishonest customer other unauthorized source. The delivery approval is therefore preferably signed by a digital signature. Such a signature can be generated in a number of well known ways. e.g. by way of a public key/private key encryption algorithm.
In the following step 109. the vendor delivers goods and/or services to the customer, preferably in exchange for the voucher. If the goods and/or services constitutes information, software or something else that may be transferred over a computer network, this exchange may be done automatically. If not. the goods or services may be exchanged for the voucher manually. In some implementations of the invention it may however be necessary to forego the exchange and simply deliver the goods and/or services simply based on the delivery information and the delivery approval. This might for instance be the case when the delivery address is not the same as the address of the customer.
After receiving the voucher, the vendor transfers 1 10 this to the payment system. When the payment system 4 receives the voucher, the funds will be transferred to the vendor, and the transaction is completed. If the vendor has not received the voucher, he will simply make a claim that the delivery has been made. In this case the payment center will credit the vendor for example after a given period of time unless the customer does not make a counterclaim stating that the ordered goods and/or services has not been delivered. Figure 4 shows a flowchart that represents an alternative to the embodiment as described with reference to Fig. 3. According to this embodiment, the customer receives information from the vendor regarding available goods and/or services as well as prices in a first step 201. This information includes vendor information such as a vendor ID. Based on this information the customer selects 202 goods and/or services he wants to purchase.
When the customer is ready to order, he provides the necessary customer information as mentioned above, and this information along w ith the ordering information is transferred 203 to the payment system. In this case the ordering information regarding the ordered product is not filed directly with the vendor, but with the payment system.
In a next step 204 the payment system requests payment authorization in the same manner as described above. If the payment system receives positive payment authorization information in step 205. a voucher is generated 207 and transferred to the customer computer as described above. Likewise a delivery approval is generated and transferred to the vendor computer, along with the ordering information, such as delivery address and information identifying the ordered goods and/or services.
After the vendor receives the order information and the delivery approval, the rest of the process proceeds as described above. The vendor delivers 208 - the ordered goods and/or services, preferably in exchange for the voucher. After having made the delivery, the vendor transfers 209 a claim, preferably including the voucher, to the payment center. The payment system then credits 210 the vendor, possibly after a certain period that gives the customer a chance to claim that the goods and/or services have not been delivered. This particular embodiment is particularly convenient when the vendor is selling products that are deliverable over a public computer network such as the Internet. The customer may then download such a product in a trial version, possibly as part of retrieving information from the vendor in step 201. or in advance of the whole process described. This trial version. preferably along with the vendor information and price information, may be downloaded from any location, not necessarily from a computer operated by the vendor. (For the purposes of this description, such a computer will still be referred to as a vendor computer simply because it contains information from the vendor.) Such a product may include computer software, music, data, multimedia presentations etc. The goods actually purchased through the method according to the present invention, and delivered from the vendor after receipt of a delivery approval from the payment system, may then be a key that unlocks the trial version after the expiry of the trial period and converts it to a regular version of the product. It should be pointed out that this scheme may be used also regarding trial versions that are distributed by other means, such as on CD ROM or diskettes. And of course the second embodiment may also be used for any other goods or services as an alternative to the first embodiment. It is important to note some of the security features as well as the flexibility provided by the method according to the present invention. Vendors that wish to offer their products over a computer network such as the Internet only have to set up an account with the payment system, without any approval from credit card companies. The payment system, however, will be registered with credit card companies, and the credit card companies makes the payments to the operator or one of the operators of the payment system. In this way. any company, small or large, or even a private individual, that wishes to sell almost anything over the Internet, may do so fairly simply. Furthermore, since funds are transferred from the credit card company to the payment system, the customer may not withhold payment by not handing over the voucher after receiving the ordered goods and/or services. The payment will be held by the payment system until the voucher is received from the vendor. If the vendor does not receive the voucher in exchange for delivered goods, he may make a claim to the payment system, which may then hold the money until any conflict between customer and vendor has been resolved, or the payment system may release the payment to the vendor if the customer does not respond within a given time after having been notified that the vendor demands payment without being able to present the voucher. On the other hand, if the customer never receives the ordered goods and/or services, he may make such a claim to the payment system which will then return the funds to the customer, unless the payment system receives the voucher or a claim that delivery has been made from the vendor within a given time. In case of a conflict, the payment system may withhold the funds until the conflict has been resolved. In order for the vendor to make sure that the voucher he is given in exchange for the goods or services is genuine, the voucher should identify the order ID, since this will not be known to any impostor trying to obtain the goods or services in the name of the actual customer. Additional security can be provided by including with the approval information transferred from the payment system to the vendor, information that allows for the authentication of the voucher. This may be in the form of a part of the voucher that may not be generated by an impostor, by a checksum that is generated from the
Figure imgf000015_0001
that
Figure imgf000015_0002
be used to decrypt information hidden in the voucher. To prevent the customer from changing the amount before transferring the payment information to the payment system, the order information transferred from the vendor computer to the customer computer and forwarded to the payment system by the customer may be tamper proof such that any modification to this information will be detected by the payment system. Alternatively, the delivery approval information transferred from the pay ment system to the vendor may include information on paid amount so that the vendor is able to confirm that the funds held by the payment system corresponds with the total amount for the given order. Any combination of such security functions may also be implemented, so that any transaction containing inaccurate information may be terminated as soon as possible.
Several modifications to the method as described above may be made within the scope of the present invention. For instance, any number of communication protocols may be used for transferring information between the different computers and systems that perform the method. Further, what above is described as being one computer, for instance the vendor computer, may in fact be several computers that are interconnected by some well known means and that perform different steps of the method. It should also be noted that the payment authorization system and the payment system may be operated by the same organization or legal entity, and may even be running on the same system or the same computer. If encryption and/or digital signatures are used, any of the well known algorithms or methods known in the art may be employed as well as future improvements and modifications to such algorithms and methods.
Another possible modification that lies within the scope of the invention is to include certain contract information along with the order information transmitted from the vendor computer to the customer computer and forwarded to the payment system. This contract information may specify how a certain amount of the payment should not be credited the vendor, but some third party that collects royalty or some other fee from sales of a given product. In this case the third party, e.g. a publishing company, an artist, an inventor or anyone else who owns rights related to the product delivered by the \ endor. will not be dependent on the honesty of the vendor, since all sales w ill involve the payment center. Further, the individual or organization claiming the fee will be able to check that the vendor actually sends the correct contract information as part of the order information simply by placing an order and checking the order information received from the vendor.
Regarding the actual transfer of funds to the vendor, this is mainly a matter of how the parties operating the method according to the present invention agree to operate. Funds may be transferred immediately upon receipt of the voucher, or a certain period of time after a claim has been made by the vendor and no counter claim has been made by the customer. It is also possible to wait until funds have actually been transferred from the credit card company to the payment system. A number of modifications to this scheme is possible and will be realized by anyone with the relevant skills for implementing the method according to the invention.

Claims

1 . Method for performing on-line transactions in a system which at least includes one or more customer computers, one or more vendor computers, a payment system with which the vendors are registered, and a payment authorization system, the method comprising the steps of transferring information regarding available goods and/or services from a vendor computer to a customer computer over a first communication channel. transferring information regarding goods and/or services to be ordered as well as customer information and delivery information necessary for the delivery of the goods and/or services, from said customer computer to said vendor computer over said first communication channel. transferring information regarding payment of the ordered goods and/or services, including information identifying the particular order and the particular vendor, from said vendor computer to said customer computer over said first communication channel, transferring information regarding payment settlement including customer identification, vendor identification and order identification as well as amount to be paid, from said customer computer to a payment system over a second communication channel. transferring a request for a payment authorization including amount to be paid and customer identification, from said payment system to a payment authorization system over a third communication channel. terminating the transaction if no such authorization is received from the payment authorization system, or after receiving such authorization, generating information representing a voucher that indicates that the customer has provided payment for the transaction identified by said order identification, and transferring this information from the payment system to the customer computer over said second computer channel, generating information approving delivery of the ordered goods and/or services and transferring this information from the payment system to said vendor computer over a fourth communication channel, and debiting the customer for said amount to be paid. delivering the ordered goods and/or services from the vendor in accordance with the delivery information. transferring a claim that the goods and/or services have been delivered, from the vendor to the payment system, and crediting the vendor after receipt of said claim by the payment system.
2. Method according to claim 1 , wherein said first communication channel is a public computer network such as the Internet.
3. Method according to claim 1 , wherein said second communication channel is a relatively secure channel such as a dial up connection over the public telephone network.
4. Method according to claim 1 , wherein said second communication channel is a public computer network such as the Internet.
5. Method according to claim 1 , wherein said third communication channel is a secure channel such as a dedicated line.
6. Method according to claim 1 , wherein said fourth communication channel is a public computer network such as the Internet.
7. Method according to claim 1. wherein the customer information transferred from the customer computer to the payment system includes credit card information or similar information identifying a customer debit account or a customer credit account.
8. Method according to claim 1. wherein the information transferred from the customer computer to the payment system is encrypted.
9. Method according to claim 1 , wherein the payment system is constituted by one payment center, with which all vendors must be registered.
10. Method according to claim 1 , wherein the payment system consists of several payment centers that are geographically widespread but interconnected so that vendors need only be registered with a local payment center, the information regarding any vendor being available to other payment centers through said interconnection.
1 1. Method according to claim 1. wherein the information representing the voucher includes information uniquely identifying the ongoing transaction.
12. Method according to claim 1 , wherein the delivery of the goods and/or services from the vendor is done in exchange for the voucher.
13. Method according to claim 12, wherein the claim that the goods and/or services have been delivered, includes the voucher received in exchange for the goods and/or services.
14. Method according to claim 12, wherein the step of generating information approving delivery of the ordered goods and/or services includes a step of generating information that can be used to verify the authenticity of the information representing the voucher, such as a checksum, a part of the voucher information, or a key for decrypting information hidden in the voucher.
15. Method according to claim 1 , wherein the step of generating information approving delivery of the ordered goods and/or services includes a step of generating a digital signature that enables the vendor to confirm that the approval originated with the payment system.
16. Method according to claim 1 , wherein the information regarding payment of the ordered goods and/or services transferred from said vendor computer to said customer computer, further includes information regarding a contract between the vendor and a third party, said contract information being forwarded from the customer computer to the payment system along with the payment settlement information, and the step of crediting the vendor includes a step of crediting said third party based on said contract information.
17. Method for performing on-line transactions in a system which at least includes one or more customer computers, one or more vendor computers, a payment system with which the vendors are registered, and a payment authorization system, the method comprising the steps of transferring information regarding available goods and/or services as well as information identifying the particular vendor of any such goods and/or services from a vendor computer to a customer computer over a first communication channel, transferring information regarding goods and/or services to be ordered including vendor information and amount to be paid, as well as customer information and delivery information necessary for the delivery of the goods and/or services including customer identification, from said customer computer to a payment system over a second communication channel, transferring a request for a payment authorization including amount to be paid and customer identification, from said payment system to a payment authorization system over a third communication channel. terminating the transaction if no such authorization is received from the payment authorization system, or after receiving such authorization, generating information representing a voucher that indicates that the customer has provided payment for the transaction identified by said order identification, and transferring this information from the payment system to the customer computer over said second computer channel, generating information approving delivery of the ordered goods and/or services and transferring this information along with information regarding goods and/or services ordered and customer information and delivery information necessary for the delivery of the ordered goods and/or services from the payment system to said vendor computer over a fourth communication channel, and debiting the customer for said amount to be paid, delivering the ordered goods and/or services from the vendor in accordance with the delivery information, transferring a claim that the goods and/or services have been delivered, from the vendor to the payment system, and crediting the vendor after receipt of said claim by the payment system.
18. Method according to claim 17, wherein the goods and/or services to be purchased is a key that will unlock a trial version of another product after the trial period for said other product has expired.
19. Method according to claim 17, wherein said first communication channel is a public computer network such as the Internet.
20. Method according to claim 17. wherein said second communication channel is a relatively secure channel such as a dial up connection over the public telephone network.
21. Method according to claim 17. wherein said second communication channel is a public computer network such as the Internet.
22. Method according to claim 17, wherein said third communication channel is a secure channel such as a dedicated line.
23. Method according to claim 17. wherein said fourth communication channel is a public computer network such as the Internet.
24. Method according to claim 17. wherein the customer information transferred from the customer computer to the payment system includes credit card information or similar information identifying a customer debit account or a customer credit account.
25. Method according to claim 17. wherein the information transferred from the customer computer to the payment system is encrypted.
26. Method according to claim 17, wherein the payment system is constituted by one payment center, with which all vendors must be registered.
27. Method according to claim 17, wherein the payment system consists of several payment centers that are geographically widespread but interconnected so that vendors need only be registered with a local payment center, the information regarding any vendor being available to other payment centers through said interconnection.
28. Method according to claim 17, wherein the information representing the voucher includes information uniquely identifying the ongoing transaction.
29. Method according to claim 17, wherein the delivery of the goods and/or services from the vendor is done in exchange for the voucher.
30. Method according to claim 29. wherein the claim that the goods and/or services have been delivered, includes the voucher received in exchange for the goods and/or services.
31. Method according to claim 29, wherein the step of generating information approving delivery of the ordered goods and/or services includes a step of generating information that can be used to verify the authenticity of the information representing the voucher, such as a checksum, a part of the voucher information, or a key for decrypting information hidden in the voucher.
32. Method according to claim 17, wherein the step of generating information approving delivery of the ordered goods and/or services includes a step of generating a digital signature that enables the vendor to confirm that the approval originated with the payment system.
33. Method according to claim 17. wherein the information regarding available goods and/or services transferred from said vendor computer to said customer computer further includes information regarding a contract between the vendor and a third party, said contract information being forwarded from the customer computer to the payment system along with the ordering information, and the step of crediting the vendor includes a step of crediting said third party based on said contract information.
34. System for performing secure on-line transactions, comprising one or more vendor computers connected to a public computer network and including means for storing information regarding goods and/or services offered by a vendor, means for upon request sending said information over said public computer network, means for receiving orders for goods and/or services, means for receiving information representing a delivery approval relating to a given order, and means for sending a claim that the delivery of the ordered goods and/or services has been made, one or more customer computers connected to a public computer network and including means for retrieving information regarding goods and/or services from said public computer network, means for sending information regarding an order for goods and/or services, and means for sending payment information including customer information, vendor information, order information and total amount, a payment system including means for receiving said payment information, means for identifying a vendor address directly or indirectly based on the vendor information, means for requesting payment authorization information based on said customer information and said total amount, means for. upon receipt of positive payment authorization information, generating a voucher relating to said order information and transferring this voucher to the customer computer and generating delivery approval information and sending this to the vendor address identified by the vendor information, or terminating the transaction upon receipt of negative payment authorization, and means for receiving a claim that the delivery of the ordered goods and/or services has been made, and a payment authorization system including means for receiving payment authorization requests including customer information and a total amount to be paid, means for generating payment authorization information based on said customer information and said total amount, and means for sending said payment authorization information.
35. System according to claim 34, wherein said vendor computer further includes means for generating order information including said vendor information and a total amount, and said customer computer further includes means for receiving said order information from the vendor computer.
36. System according to claim 34, wherein said payment system further includes means for receiving order information from said customer computer and means for forwarding this order information to the vendor computer along with said delivery approval information upon receipt of positive payment authorization.
37. System according to claim 34, wherein said payment system is connected to said public computer network.
38. System according to claim 34, wherein said customer computer includes means for establishing a communication channel between the customer computer and the payment system that is separate from said public computer network.
39. System according to claim 34, wherein the payment system is connected to the payment authorization channel through a communication channel that is separate from the communication said public computer network, such as a dedicated line.
40. System according to claim 34, wherein the customer computer further includes means for encrypting any information transferred from said customer computer to the payment center.
41. System according to claim 34, wherein the vendor computer further includes means for receiving said voucher from said customer computer in exchange for the delivery of the ordered goods and/or services and means for forwarding this voucher to the payment system as part of the claim that the delivery of the ordered goods and/or services has been made.
42. System according to claim 34, wherein the payment system further includes means for generating information that can be used to verify the authenticity of the information representing the voucher, such as a checksum, a part of the voucher information or a key for decrypting information hidden in the voucher, as well as means for sending this information as part of the delivery approval information.
43. System according to claim 34, wherein the payment system further includes means for generating a digital signature that enables the vendor to confirm that the approval information originated with the payment system.
44. System according to claim 34, wherein the payment system further includes means for debiting the customer and crediting the vendor in accordance with the payment information and any additional information including commissions and fees.
45. System according to claim 44. wherein said payment information includes additional information regarding fees to any third party and said payment system further includes means for crediting said third parties in accordance with said additional information.
PCT/NO2000/000092 1999-03-16 2000-03-16 Method and system for secure on-line shopping WO2000055777A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00915594A EP1177516A1 (en) 1999-03-16 2000-03-16 Method and system for secure on-line shopping
AU36833/00A AU3683300A (en) 1999-03-16 2000-03-16 Method and system for secure on-line shopping

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO19991278 1999-03-16
NO19991278A NO311468B1 (en) 1999-03-16 1999-03-16 Procedure and system for secure e-commerce

Publications (1)

Publication Number Publication Date
WO2000055777A1 true WO2000055777A1 (en) 2000-09-21

Family

ID=19903094

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2000/000092 WO2000055777A1 (en) 1999-03-16 2000-03-16 Method and system for secure on-line shopping

Country Status (4)

Country Link
EP (1) EP1177516A1 (en)
AU (1) AU3683300A (en)
NO (1) NO311468B1 (en)
WO (1) WO2000055777A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1139313A2 (en) * 2000-03-30 2001-10-04 Fujitsu Limited Automated transaction apparatus
DE10049164A1 (en) * 2000-09-27 2002-04-18 H A S E Hamburger Anwendungs & Secure method for undertaking online transactions with a customer sent a cipher when his order is placed, that it then matched by his bank with a cipher furnished by the supplier before payment is cleared
EP1202195A1 (en) * 2000-09-27 2002-05-02 H.A.S.E. Hamburger Anwendungs- & Systementwicklung GmbH & Co.KG Method for securely performing an electronic payment transaction
EP1213689A2 (en) 2000-12-07 2002-06-12 Fiducia AG Karlsruhe/Stuttgart Method for automatic processing of payment operations in electronic commerce and corresponding device
EP1213690A2 (en) * 2000-12-06 2002-06-12 AT&T Corp. Efficient and secure bill payment method and system via mobile IP terminals
EP1239391A2 (en) * 2001-02-23 2002-09-11 Hewlett Packard Company, a Delaware Corporation Conducting transactions
WO2002089076A2 (en) * 2000-12-22 2002-11-07 Cqr Technologies Limited A transaction and logistics integrated management system (talisman) for secure credit card payment and verified transaction delivery
EP1348191A2 (en) * 2000-11-06 2003-10-01 I-Tran Systems (Proprietary) Limited A data processing system
FR2912579A1 (en) * 2007-02-09 2008-08-15 Ahmed Djoudi SECURE TRANSFER METHOD THROUGH A MONETARY FLOW COMMUNICATION NETWORK, TRANSFER SYSTEM AND PROGRAM PRODUCT THEREOF
US8112328B2 (en) 2001-11-05 2012-02-07 Hewlett-Packard Development Company, L.P. Secure and mediated access for E-services
WO2013158081A1 (en) * 2012-04-17 2013-10-24 Intel Corporation Dynamic payment service
US8595131B2 (en) 2001-07-26 2013-11-26 Giesecke & Devrient Gmbh Method for paying for a service offered by means of a data network
WO2018089200A1 (en) * 2016-11-11 2018-05-17 Mastercard International Incorporated Systems and methods of improved electronic messaging
US11562356B2 (en) 2014-05-07 2023-01-24 Mastercard International Incorporated Systems and methods for communicating liability acceptance with payment card transactions

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998022915A1 (en) * 1996-11-20 1998-05-28 British Telecommunications Public Limited Company Transaction system
US5822737A (en) * 1996-02-05 1998-10-13 Ogram; Mark E. Financial transaction system
WO1999008218A1 (en) * 1997-08-11 1999-02-18 Trivnet Ltd. A retail method over a wide area network
US5903880A (en) * 1996-07-19 1999-05-11 Biffar; Peter C. Self-contained payment system with circulating digital vouchers

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5822737A (en) * 1996-02-05 1998-10-13 Ogram; Mark E. Financial transaction system
US5903880A (en) * 1996-07-19 1999-05-11 Biffar; Peter C. Self-contained payment system with circulating digital vouchers
WO1998022915A1 (en) * 1996-11-20 1998-05-28 British Telecommunications Public Limited Company Transaction system
WO1999008218A1 (en) * 1997-08-11 1999-02-18 Trivnet Ltd. A retail method over a wide area network

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1139313A3 (en) * 2000-03-30 2002-05-29 Fujitsu Limited Automated transaction apparatus
EP1139313A2 (en) * 2000-03-30 2001-10-04 Fujitsu Limited Automated transaction apparatus
US6928420B1 (en) 2000-03-30 2005-08-09 Fujitsu Limited Automated transaction apparatus
DE10049164A1 (en) * 2000-09-27 2002-04-18 H A S E Hamburger Anwendungs & Secure method for undertaking online transactions with a customer sent a cipher when his order is placed, that it then matched by his bank with a cipher furnished by the supplier before payment is cleared
EP1202195A1 (en) * 2000-09-27 2002-05-02 H.A.S.E. Hamburger Anwendungs- & Systementwicklung GmbH & Co.KG Method for securely performing an electronic payment transaction
EP1348191A2 (en) * 2000-11-06 2003-10-01 I-Tran Systems (Proprietary) Limited A data processing system
EP1348191A4 (en) * 2000-11-06 2005-03-09 Tran Systems Proprietary Ltd I A data processing system
EP1213690A2 (en) * 2000-12-06 2002-06-12 AT&T Corp. Efficient and secure bill payment method and system via mobile IP terminals
EP1213690A3 (en) * 2000-12-06 2004-04-07 AT&T Corp. Efficient and secure bill payment method and system via mobile IP terminals
EP1213689B1 (en) * 2000-12-07 2012-12-26 Giropay GmbH Method for automatic processing of payment operations in electronic commerce and corresponding device
EP1213689A2 (en) 2000-12-07 2002-06-12 Fiducia AG Karlsruhe/Stuttgart Method for automatic processing of payment operations in electronic commerce and corresponding device
WO2002089076A2 (en) * 2000-12-22 2002-11-07 Cqr Technologies Limited A transaction and logistics integrated management system (talisman) for secure credit card payment and verified transaction delivery
WO2002089076A3 (en) * 2000-12-22 2003-12-24 Cqr Technologies Ltd A transaction and logistics integrated management system (talisman) for secure credit card payment and verified transaction delivery
EP1239391A3 (en) * 2001-02-23 2002-11-06 Hewlett Packard Company, a Delaware Corporation Conducting transactions
EP1239391A2 (en) * 2001-02-23 2002-09-11 Hewlett Packard Company, a Delaware Corporation Conducting transactions
US7113930B2 (en) 2001-02-23 2006-09-26 Hewlett-Packard Development Company, L.P. Conducting transactions
US8595131B2 (en) 2001-07-26 2013-11-26 Giesecke & Devrient Gmbh Method for paying for a service offered by means of a data network
US8112328B2 (en) 2001-11-05 2012-02-07 Hewlett-Packard Development Company, L.P. Secure and mediated access for E-services
WO2008101819A1 (en) * 2007-02-09 2008-08-28 Ahmed Djoudi Method for the secured transfer of a monetary flow via a communication network, and corresponding transfer system and software product
FR2912579A1 (en) * 2007-02-09 2008-08-15 Ahmed Djoudi SECURE TRANSFER METHOD THROUGH A MONETARY FLOW COMMUNICATION NETWORK, TRANSFER SYSTEM AND PROGRAM PRODUCT THEREOF
WO2013158081A1 (en) * 2012-04-17 2013-10-24 Intel Corporation Dynamic payment service
US9141946B2 (en) 2012-04-17 2015-09-22 Intel Corporation Dynamic payment service
US11562356B2 (en) 2014-05-07 2023-01-24 Mastercard International Incorporated Systems and methods for communicating liability acceptance with payment card transactions
WO2018089200A1 (en) * 2016-11-11 2018-05-17 Mastercard International Incorporated Systems and methods of improved electronic messaging
US10482468B2 (en) 2016-11-11 2019-11-19 Mastercard International Incorporated Systems and methods of improved electronic messaging

Also Published As

Publication number Publication date
NO991278L (en) 2000-09-18
AU3683300A (en) 2000-10-04
NO311468B1 (en) 2001-11-26
NO991278D0 (en) 1999-03-16
EP1177516A1 (en) 2002-02-06

Similar Documents

Publication Publication Date Title
AU777762B2 (en) Electronic transactions and payments system
US8996423B2 (en) Authentication for a commercial transaction using a mobile module
AU2006236243B2 (en) Network commercial transactions
US6675153B1 (en) Transaction authorization system
US7734527B2 (en) Method and apparatus for making secure electronic payments
JP3133243B2 (en) Online shopping system
US20060235795A1 (en) Secure network commercial transactions
US20030208406A1 (en) Method and apparatus for processing one or more value bearing instruments
US20010032878A1 (en) Method and system for making anonymous electronic payments on the world wide web
US20040128257A1 (en) Method and apparatus for administering one or more value bearing instruments
EP1062560A1 (en) Automatically invoked intermediation process for network purchases
JP2942478B2 (en) Network billing method
PL179928B1 (en) Method of carrying on open lectronic trade
JP2003531447A (en) Methods and systems for virtual safety
JPH11511876A (en) Electronic payment method for purchasing related transactions on computer network
US6868402B1 (en) Document transmit system and document transmitting method
EP1177516A1 (en) Method and system for secure on-line shopping
JPH10171887A (en) On-line shopping system
US20040078331A1 (en) Payment system using electronic stamps
US20040029566A1 (en) Method and apparatus for controlling or monitoring access to the content of a telecommunicable data file
WO1997019414A1 (en) Computer network value payment system
US20030187797A1 (en) Method for issuing and settling electronic check
US20030061164A1 (en) Intellectual property brokerage system and method
KR20200003973A (en) Cryptocurrency transaction system and method of cryptocurrency transaction service
EP1360663A2 (en) Method and apparatus for processing one or more value bearing instruments

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000915594

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2000915594

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000915594

Country of ref document: EP