1. Field of the Invention
The present invention generally relates to a method and system for effecting transactions over any public network, such as the Internet, a wireless network, or any other non-secure communication medium, without the submission of private information such as credit card numbers and other personal data.
2. Problem to be Solved
E-commerce catalog shopping represents an increasing part of the economy. The growth in its popularity can in part be explained because consumers have learned that goods purchased from a catalog are often much less expensive than if purchased through a normal retail store. In addition, because a customer can shop without leaving the comfort of home or office, placing an order for merchandise from a catalog makes much more efficient use of the customer's time.
Shopping for goods and services using a personal computer to place an order on a network is a natural extension of the more traditional catalog shopping, since the customer enjoys these same benefits. The CompuServe network and other private networks have long offered members the opportunity to browse through on-line "Electronic Shopping Malls" and place orders for goods shown and described therein. New opportunities for shopping via personal computer arise daily as more people gain access to the Internet, with its inter-connectivity and easy access through the World Wide Web or E-mail. Such transactions conducted over the Internet are also referred to as "E-commerce transactions".
A credit card facilitates making purchases via telephone or over the network. However, users are justifiably concerned about placing orders for merchandise on networks such as the Internet, for example via E-mail, because of the lack of secure communications. Although there are many implementations of security measures on the Internet, unauthorized third parties have still penetrated these security measures and gained access to credit card data, social security numbers or other personal information transmitted over the network. Once a dishonest person has the credit card number, thousands of dollars can be improperly charged to the customer's credit card account.
One solution to this problem is for the customer to enter, for delivery over the network, an order that does not include the customer's credit card number. To complete the order, the customer must then call the merchant on an 800 telephone number, for example, to provide the credit card number. However, this method does not enable the credit card data to be readily associated with and entered into the order previously placed by the customer. Errors in the order can easily arise. For example, the customer's credit card number can be assigned to the wrong order. Furthermore, telephone transactions are also vulnerable to the same security and user privacy issues as described above for Internet transactions. In addition, there is usually a considerable delay to further inconvenience the customer while a clerk asks the customer other questions that will help to ensure the correct match between an order that was previously transmitted and the customer's credit card number given over the phone.
A similar approach for placing an order in current use is initiated when a customer sends an order, without credit card information, to a merchant over a non-secure network. After receiving the order, the merchant's clerk or an automated system sends an E-mail message to the customer containing an order number that uniquely identifies the order. Upon receiving the E-mail message, the customer dials a telephone number that connects to the merchant's facilities. In response to prompting from an automated attendant, the customer enters the unique order number and the correct credit card number for billing the order on a touch-tone telephone (assuming that the customer has placed the call on this type of phone). The order number is used to match the correct order with the customer's credit card number. However, this method requires that the customer retain the unique order number assigned by the merchant for entry during the subsequent phone call.
Another approach to solving this problem is to encrypt the credit card information included in an order placed on a public network. Using the encrypted credit card data, an order can be completed in a single transaction. However, virtually all of the encryption schemes thus far developed for protecting such sensitive data have drawbacks. For example, most encryption schemes require the use of an encryption key that is known only to the party encrypting the information and to the intended recipient who will decrypt it. The secure distribution and safeguarding of such encryption keys adds too much complexity to network shopping transactions and will likely not be readily accepted by customers. While it is possible to embed an encryption key in an application designed to take an order and transmit it over the network, the embedded encryption key can be discovered by others who may then misuse it. Even public key encryption systems require the use of a "private" key that should not be disclosed to others. In addition, and perhaps more importantly, the software required for any encryption system must be distributed to prospective customers before the system can be used to transfer credit card data when a customer places an order. The widespread dissemination of such software will likely not occur for some time. Even if the consumer's financial information is securely transferred to the vendor over the Internet, the consumer has submitted a substantial amount of personal information to a stranger. This personal information is often resold to other firms that send unsolicited e-mail, phone calls and junk mail. Internet commerce, as a business environment, will not grow as expected if consumers perceive unknown vendors as untrustworthy.
A new method for making payment over a public network is needed that enables a customer to place an order or make a simple fund transfer without submitting financial data, credit card numbers and other personal information. The financial data transaction should be automated for optimum efficiency and to minimize the time required for the customer to complete the transaction. The present invention represents a workable solution to this problem that is relatively efficient, secure and foolproof.
The present invention is directed, in a first aspect, to a method for effecting a financial transaction over a public network without the submission of sensitive information, comprising the steps of:
a) providing an apparatus comprising (i) a common controller in data communication with at least one public network, the common controller having user and transaction databases and a processor for generating digital tokens, each digital token representing a particular monetary value and containing a particular digital signature and alterable digital token status data indicating ownership of the digital token, and (ii) a plurality of user data communication interfaces in data communication with the public network;
b) establishing user accounts in the user databases of the common controller;
c) transmitting to the common controller a user identification and PIN to obtain access to the common controller;
d) authenticating the user identification and PIN to determine whether access to the common controller is permitted;
e) generating an application level secure communication channel through which all data communication is to be effected;
f) transmitting data representing a template of an automated teller machine to the user data communication interface of a first user whose identification and PIN were authenticated;
g) initiating a financial transaction between the first user and a second user by using the automated teller machine of step (f) to transmit a request to the common controller to effect a transfer of a monetary sum to a destination account;
h) generating a temporary account identified by an account number for temporarily storing the transferred monetary sum;
i) generating multiple digital tokens having a value equal to the monetary sum in the temporary account and data defining a unique digital signature and a digital token status;
j) transmitting to the first user encrypted data representing the temporary account number;
k) decrypting the data transmitted to the first user so as to change the status of the digital token to indicate the amount of e-cash that is subject of a pending transaction;
l) transmitting data to the common controller that authorizes the common controller to transfer the monetary sum from the temporary account to the destination account;
m) transmitting data to the second user representing the e-cash and the account number which identifies the temporary account having therein the monetary sum represented by the digital token; and
n) transmitting data to the common controller to transfer the monetary sum corresponding to the value of the digital token from the temporary account to the destination account and to alter the status of the digital token to indicate ownership of the digital token and update the usage counter in each digital token.
In one embodiment, at least some of the plurality of user data communication interfaces comprise a wireless application protocol network, and a wireless consumer data communication device in data communication with the wireless application protocol network.
In a related aspect, the present invention is directed to a method for effecting a financial transaction over a public network without the submission of sensitive information, comprising the steps of:
a) providing an apparatus comprising (i) a common controller in data communication with one or more public networks, the common controller having user and transaction databases and a processor for generating digital tokens, each digital token representing a particular monetary value and containing a particular digital signature and alterable digital token status data indicating ownership of the digital token, and (ii) a plurality of user data communication interfaces in data communication with the public network;
b) establishing user accounts in the user databases of the common controller;
c) transmitting to the common controller a user identification and personal identification number ("PIN") to obtain access to the common controller;
d) authenticating the user identification and PIN to determine whether access to the common controller is permitted;
e) generating an application level secure communication channel through which all data communication is to be effected;
f) transmitting data representing a template of an automated teller machine to the user data communication interface of a first user whose identification and PIN were authenticated;
g) initiating a transaction between the first user and a second user whereby the first user desires to tender a monetary payment to the second user;
h) using the automated teller machine of step (f) to transmit a request to the common controller to effect transfer of a monetary sum from the account of the first user to the account of the second user;
i) generating a temporary account identified by an account number and transferring the monetary sum from the first user's account into the temporary account;
j) generating multiple digital tokens having a total value equal to the monetary sum in the temporary account and data defining a unique digital signature and a digital token status;
k) transmitting to the first user encrypted data representing the temporary account number which handles the current transaction session;
l) decrypting the data transmitted to the first user so as to change the status of the digital tokens to indicate the amount of e-cash that is the subject of a pending transaction;
m) transmitting data to the common controller that authorizes the common controller to transfer the monetary sum from the temporary account to the second user's account;
n) transmitting data to the second user representing the e-cash and the account number which identifies the temporary account having therein the monetary sum represented by the digital tokens;
o) transmitting data to the common controller to transfer the monetary sum corresponding to the value of the digital tokens from the temporary account to the second user's account and to alter the status of the digital tokens to indicate ownership of the digital tokens and update the usage counter in each digital token;
p) closing the temporary account.
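The two step sequences above (the first aspect and the related aspect) describe one escrow-and-token flow: PIN authentication, a temporary account holding the payer's sum, signed tokens whose status moves from issued to pending to redeemed, and settlement into the payee's account followed by closure of the temporary account. The following is an added example, not code from the patent, that models that flow as a single in-process simulation so the state transitions and the checks the controller must perform can be read in one place. All names (CommonController, DigitalToken, open_session, request_transfer, authorize_release, redeem), the use of HMAC-SHA256 under a controller-held key as the "digital signature", salted PBKDF2 for PIN storage, and the fixed-denomination token split are assumptions of this example; amounts are integer cents and the controller key is a constructed placeholder.

```python
"""Toy model of the temporary-account / digital-token payment flow (added example).

Assumptions (not from the patent): HMAC-SHA256 stands in for the token signature,
PBKDF2 stands in for PIN storage, and a session id stands in for the secure channel.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed placeholder key; a real controller would keep this in an HSM.
CONTROLLER_KEY = b"example-controller-key-not-for-use"


@dataclass
class DigitalToken:
    token_id: str
    value: int            # monetary value in cents
    owner: str            # "temp:<account>" while escrowed, then the payee's user id
    status: str           # issued -> pending -> redeemed
    usage_counter: int
    signature: str        # HMAC over the immutable fields (token_id, value)


class CommonController:
    def __init__(self, key: bytes):
        self._key = key
        self._users = {}      # user_id -> {salt, pin_hash, balance}
        self._sessions = {}   # session id -> user_id
        self._temp = {}       # temp account no -> {balance, tokens, src, dst, authorized}

    # step b: user accounts; the PIN is stored only as a salted hash
    def establish_account(self, user_id, pin, balance):
        salt = secrets.token_bytes(16)
        self._users[user_id] = {"salt": salt, "pin_hash": self._hash_pin(pin, salt), "balance": balance}

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    # steps c-e: authenticate id + PIN and open a session (stands in for the secure channel)
    def open_session(self, user_id, pin):
        rec = self._users.get(user_id)
        if rec is None or not hmac.compare_digest(rec["pin_hash"], self._hash_pin(pin, rec["salt"])):
            return None
        sid = secrets.token_hex(16)
        self._sessions[sid] = user_id
        return sid

    def _user(self, sid):
        if sid not in self._sessions:
            raise PermissionError("invalid session")
        return self._sessions[sid]

    def _sign(self, token_id, value):
        return hmac.new(self._key, f"{token_id}:{value}".encode(), "sha256").hexdigest()

    def verify_token(self, tok):
        return hmac.compare_digest(tok.signature, self._sign(tok.token_id, tok.value))

    # steps g-j: debit the payer, open a temporary account, mint signed tokens against it
    def request_transfer(self, sid, amount, destination, denomination=500):
        src = self._user(sid)
        if amount <= 0 or self._users[src]["balance"] < amount:
            raise ValueError("insufficient funds")
        if destination not in self._users:
            raise ValueError("unknown destination account")
        self._users[src]["balance"] -= amount
        temp_no = "T" + secrets.token_hex(4)
        tokens, remaining = [], amount
        while remaining > 0:
            v = min(denomination, remaining)
            tid = secrets.token_hex(8)
            tokens.append(DigitalToken(tid, v, "temp:" + temp_no, "issued", 0, self._sign(tid, v)))
            remaining -= v
        self._temp[temp_no] = {"balance": amount, "tokens": tokens, "src": src, "dst": destination, "authorized": False}
        return temp_no, tokens

    # steps k-m: only the payer may mark the tokens pending and authorize release
    def authorize_release(self, sid, temp_no):
        acct = self._temp[temp_no]
        if acct["src"] != self._user(sid):
            raise PermissionError("not the payer of this temporary account")
        for t in acct["tokens"]:
            t.status = "pending"
        acct["authorized"] = True

    # steps n-p: payee presents tokens; controller verifies, settles, closes the account
    def redeem(self, sid, temp_no, presented):
        payee = self._user(sid)
        acct = self._temp.get(temp_no)
        if acct is None or acct["dst"] != payee or not acct["authorized"]:
            raise PermissionError("redemption not permitted")
        known = {t.token_id: t for t in acct["tokens"]}
        total = 0
        for p in presented:
            t = known.get(p.token_id)
            # reject forged, altered, unknown, or already-redeemed tokens
            if t is None or not self.verify_token(p) or p.value != t.value or t.status != "pending":
                raise ValueError("bad or replayed token")
            total += t.value
        if total != acct["balance"]:
            raise ValueError("token total does not match the temporary account")
        for t in acct["tokens"]:
            t.status, t.owner, t.usage_counter = "redeemed", payee, t.usage_counter + 1
        self._users[payee]["balance"] += acct["balance"]
        del self._temp[temp_no]   # step p: close the temporary account
        return total

    def balance(self, sid):
        return self._users[self._user(sid)]["balance"]


def run_example():
    """Constructed walk-through: alice pays bob 12.50 without either side seeing card data."""
    cc = CommonController(CONTROLLER_KEY)
    cc.establish_account("alice", "1234", 10_000)
    cc.establish_account("bob", "9876", 0)
    a, b = cc.open_session("alice", "1234"), cc.open_session("bob", "9876")
    temp_no, tokens = cc.request_transfer(a, 1_250, "bob")
    cc.authorize_release(a, temp_no)
    settled = cc.redeem(b, temp_no, tokens)   # bob presents temp_no + tokens
    return cc, a, b, temp_no, tokens, settled


def replay_is_rejected(cc, sid, temp_no, tokens):
    """True if presenting already-redeemed tokens a second time is refused."""
    try:
        cc.redeem(sid, temp_no, tokens)
    except (PermissionError, ValueError):
        return True
    return False
```

Running `run_example()` leaves alice with 8,750 cents, bob with 1,250, three tokens (500, 500, 250) owned by bob in the redeemed state with usage counter 1, and the temporary account gone, so a second presentation of the same tokens fails at the account lookup rather than at the signature check.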
The user accounts may be established in databases other than those of the common controller. The common controller can handle multiple forms of user identification depending upon the type of end-user device.