1. Field of the Invention
This invention relates to the field of electronic commerce (hereafter "e-commerce"). More particularly, the present invention relates to methods and systems for directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts.
2. Description of the Related Art
The network of computers and networks commonly known as the Internet, initially developed as a military and academic communications tool, has now matured into a global communications medium. The explosive growth of the Internet, together with the increasingly ubiquitous availability of high bandwidth access thereto, has spurred efforts in adapting this medium for commercial purposes. The twin developments of the World Wide Web (hereafter "Web") and the software tools for navigating the Web known as "browsers" have been instrumental in facilitating popular acceptance of the buying and selling of goods and services on the Internet. Currently, a person wishing to buy goods and/or services on the Web (hereafter "Web buyer") must first find the Universal Resource Locator (hereafter "URL") of the merchant of interest (hereafter "Web seller"), typically using a search engine or a portal. Alternatively, the user may learn the URL of a seller from an advertisement or may store the URL obtained through whatever source and visit the seller site directly without going through a portal or search engine. Thereafter, the Web buyer must navigate to the Web seller's Web site, using his or her Web browser. After selecting the product the Web buyer wishes to purchase, the Web buyer is typically invited to fill out a lengthy electronic form on the Web seller's site. Such electronic forms usually request personal and confidential information, including at least the user's name, address, telephone numbers, email address, and credit card information. Often, the Web buyer is requested or invited to select a personal and unique identification tag (hereafter "ID") and a password. Such ID and password pairs may then allow the Web buyer to bypass much of the data entry in the Web seller's electronic form upon his or her next visit to the Web seller's site.
This, however, entails that the Web seller collects and stores the personal and billing information for each Web buyer. Although the majority of Web sellers may carefully secure and safeguard this wealth of personal information, the possibility exists that such information may be used for purposes other than originally contemplated by the Web buyer. Credit or charge card information is particularly sensitive to fraud and misuse. Indeed, a stolen (or misappropriated) but otherwise valid credit card number may be fraudulently used to purchase goods or services over the Web, due to the lack (or widely disparate nature) of security measures deployed by Web sellers to prevent such credit or charge card fraud. Such fraud is detrimental to all involved parties, including the credit card issuers, the Web buyers and the Web sellers, who must expend time and energy processing buyer complaints. The financial loss from credit card fraud affects both the credit card issuers and the buyer; the major loss, however, may be experienced by the merchant who has parted with the goods and has had the charge disallowed by the credit card issuer. For the merchant, this loss is a major disadvantage in the use of credit cards for e-commerce.
However, it is not only the Web buyer's credit card information that may be stolen. Potentially far more damaging is the possibility of what may be called identity theft, the misappropriation and misuse of a person's personal and financial information. The specter of identity theft is looming ever larger, as these Web-based electronic forms provide a pre-packaged, one-stop shopping source of highly detailed confidential information to unscrupulous individuals having access thereto. Although the vast majority of Web sellers are honorable and have established procedures aimed to thwart identity theft, the sheer proliferation of Web sellers on the Internet virtually ensures that such thefts will become increasingly commonplace.
Perhaps less actionable (but just as frustrating) is the possibility of what may be termed "identity confusion". Here, one person may be confused for another and their respective personal information may be substituted or merged with one another. For example, a Web seller or credit agency may mistakenly merge two records of two identically named but separate persons. Again, this problem can only be exacerbated by the proliferation of Web sellers on the Internet, each requesting, warehousing and perhaps mining and/or selling the personal and financial information obtained from their Web buyers.
This proliferation of Web sellers also means that Web buyers are repeatedly requested to select a great many separate ID and password pairs, one for each Web seller. It may become difficult, therefore, for the Web buyer to remember these ID-password pairs and/or to associate a particular ID-password pair with a particular Web seller. Some Web buyers resort to selecting a single ID-password pair and using that single ID-password pair for all of the Web sellers with whom they conduct business. This, however, is a less than satisfactory solution, as such Web buyers are more vulnerable to fraud should the single ID-password pair be misappropriated.
The perceived lack of security, simplicity and homogeneity in the data collection across Web sellers operates as a barrier to entry into e-commerce, discouraging many potential buyers from purchasing goods and services on line. Web buyers, therefore, have an interest in promoting simple, homogeneous and secure Web-based transactions. What are needed, therefore, are methods and systems that allow financial transactions to be carried out on the Internet or other network in a manner that is simple, homogeneous across Web sellers and conducted in a manner that ensures the integrity and security of the Web buyers' personal and financial information.
The interests of Web sellers are generally aligned with those of their buyers, in that Web sellers have an interest in promoting simple and secure e-commerce, so as to attract the greatest possible number of buyers to their site. If an alternative to the indiscriminate collection of buyer's personal and financial information is to be implemented, Web sellers must be confident that they will be indeed paid for the goods or services they provide. What are needed, therefore, are methods and systems that will promote the interests of Web sellers and provide them with the complete assurance that they will be paid for the goods and services sold from their Web sites in a timely manner.
Curiously enough, banks thus far have not been an integral party to Web buyer-Web seller transactions. Indeed, although the money is ultimately debited from the Web buyer's bank account, or charged to his or her credit or charge card, the buyer's bank or other financial institution has not typically been actively involved in e-commerce transactions, as such transactions are conventionally structured. What are also needed, therefore, are methods and systems that include financial institutions such as banks as integral and central participants in e-commerce transactions.
Simple transactions involving a single buyer making an unconditional payment or an unconditional promise to pay a single seller, however, constitute only a fraction of the transactions that are routinely carried out. For example, many transactions involve contingent payments of some kind. Indeed, many transactions include built-in contingencies that must be met before goods or title will change hands or obligations released. Contracts for the purchase of real estate, for example, are complex transactions that typically involve the release of multiple contingencies (passing inspections, obtaining financing, carrying out improvements and other generally date-sensitive duties of both buyer and seller). Such transactions have historically been centered around holographic signatures on paper documents. Indeed, in the case of a contract for the sale of land, the buyer (and sometimes the seller) typically must repeatedly visit the escrow agent's place of business to release contingencies and/or make payments as the contingencies are met and/or released. Alternatively, a single document may be repeatedly transmitted via facsimile for signature, ultimately rendering the final document nearly illegible and potentially subject to repudiation.
Other contingent payment schemes may rely upon other insecure schemes that may also be liable to repudiation. For example, a stockbroker will accept an order to buy or sell securities or other instruments over the telephone on the presumption that the order comes from a known customer. The transaction is consummated and both documentation and payment follow by mutual agreement as "settlement", a predetermined period after the order is filled (e.g., five days). In this scenario, the customers operate based upon the assumed good faith of the broker and the broker operates on the assumed good faith of his or her customers. Such an interaction model, however, is fraught with possibilities for abuse and may expose both parties to significant liability.
Web-based brokerage, increasingly common at the present time, allows buy-sell orders over the Web on authentication of the client; this is an improvement over the phone-voice method, but no single sign-on mechanism is presently available and the Web brokerage client must select an ID and password for each broker with whom the client deals. As with other conventionally structured Web transactions, this proliferation of IDs and passwords may operate as a barrier to entry and prevent widespread acceptance of such e-commerce businesses.
Auction escrow arrangements for Web auctions are conventionally handled primarily by means of credit cards. Some on-line auction Web sites require participants to supply their credit card numbers to establish authentication. Independent escrow companies typically require credit card payments, which payments are held in escrow pending release of a timed contingency or by a specific action by the purchaser. Other examples of contingent payments include inter-company payments, especially payments from one e-business to another e-business. Such payments are typically carried out with conventional paper instruments or credit cards, neither solution being truly satisfactory. Many transactions require both spouses to physically sign a paper instrument. The inconvenience of requiring each spouse to physically go to a specified location for the sole purpose of holographically signing off on (releasing) a contingency or co-signing a paper check, contract or other instrument often tacitly encourages spousal forgery. However, such forgeries may also lead to repudiation of the instrument by the bank or escrow agent, notwithstanding the most often benign nature of the spousal forger's intent. Presently, these and other contingent payments are generally handled entirely in paper format with holographic signatures. Electronic conversion of such contingency-containing transactions awaits viable methods of securely authenticating parties to contingency-containing transactions.
Such methods should provide ease of use and security, and should positively identify the buyer(s) and seller(s) of contingency-based payment or other contingency-containing transactions. Preferably, such methods should not resort to using credit card numbers and/or social security numbers for identification and/or for authentication, as many consumers are understandably reluctant to broadcast such information, particularly over public networks such as the Internet. Preferably, such methods should allow remote authentication of all parties to a transaction and allow such parties to view the status of and/or release or reject any contingency (depending upon the permission level granted to that individual) within the transaction. Preferably, such methods should asynchronously notify all authenticated parties to the transaction upon completion or failure (and/or any intermediate stage(s)) of the transaction, such as when final payment has been credited to seller or when any contingency is rejected by any party to the transaction.
It is an object of the present invention, therefore, to provide methods and systems that allow financial transactions to be carried out on a network such as the Internet in a manner that is simple and that ensures the integrity and security of the buyer's personal and financial information. It is also an object of the present invention to provide e-commerce methods and systems that include financial institutions such as banks or other trusted parties such as governmental agencies or corporations as integral and central participants in Web-based and like transactions. A further object of the present invention is to provide methods and systems for remote and secure authentication of parties to contingency-based transactions, thereby obviating the need for obtaining holographic signatures on paper documents to release contingencies. It is a still further object of the present invention to provide an infrastructure allowing complex transactions to be securely consummated by remote participants.
Accordingly, a computer-implemented method of carrying out an electronic transaction that includes a contingency-dependent payment via a secure electronic draft, according to an embodiment of the present invention, comprises a step of establishing a secure computer site that is controlled by a bank and that is accessible only to authenticated parties to the transaction, the site being configured to provide a description of a contingency and to include an option to remove the contingency, the removal of the contingency being a precondition to the bank releasing payment on the draft to a payee of the draft. Each party to the draft requesting access to the computer site is authenticated by encrypting at least a portion of an identification information provided by the requesting party over a secure channel and successfully matching the encrypted identification information with a stored encrypted identifier that is unique to the requesting party. Payment on the draft is released to the payee only when a drawer of the draft is successfully authenticated by the bank and when the option to remove the contingency is timely exercised by an authenticated party that is authorized to remove the contingency.
According to further embodiments, steps may be carried out to electronically notify each party to the transaction of their requested participation in the transaction, and to cancel the transaction unless each party to the transaction accesses the computer site, acknowledges receipt of the electronic notification, is authenticated and indicates their willingness to participate in the transaction. A fee may be assessed upon at least releasing payment and canceling the transaction. All fees may be paid according to agreements between the bank and the parties involved. Each encrypted identifier may include an ID and encrypted password pair, the pair being stored in a data structure controlled by the bank and managed by Directory software. Each encrypted identifier is preferably stored only by a single bank. The identification information for each party to the transaction may include an ID for that party and an identification of the bank in which the encrypted identifier for that party is stored. The bank in which the encrypted identifier is stored may further carry out the steps of requesting a password corresponding to the provided identification information, encrypting the requested password and matching the ID and encrypted password with a stored encrypted identifier. The authenticating step may authenticate the party to the draft only for a session of limited duration. The drawer's encrypted identifier may be linked to the drawer's financial information stored by the bank and the bank may access the stored financial information prior to the releasing step and may withhold payment on the draft when insufficient funds or credit are available or when agreed transaction limits are exceeded. The parties to the transaction may access the secure computer site over a Virtual Private Network on the Internet.
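The release rule described in the two preceding paragraphs can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the 900-second session length and the sample parties are assumptions, and a salted PBKDF2 derivation with a constant-time comparison stands in for the "encrypting" and "matching" steps.

```python
import hashlib, hmac, os
from dataclasses import dataclass
SESSION_TTL = 900  # seconds; assumed length of the limited-duration session

def derive(password, salt):  # stand-in for the "encrypting" step: salted PBKDF2
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BankDirectory:  # hypothetical per-bank store: ID -> (salt, derived password)
    def __init__(self):
        self._ids, self._sessions = {}, {}
    def enroll(self, user_id, password):
        salt = os.urandom(16)
        self._ids[user_id] = (salt, derive(password, salt))
    def authenticate(self, user_id, password, now):
        salt, stored = self._ids.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(derive(password, salt), stored):
            return False  # unknown ID or wrong password: no session
        self._sessions[user_id] = now + SESSION_TTL
        return True
    def session_valid(self, user_id, now):
        return self._sessions.get(user_id, 0) > now

@dataclass
class Contingency:
    description: str
    approver: str     # ID authorized to remove this contingency
    deadline: float   # removal must be timely
    removed: bool = False

@dataclass
class Draft:
    drawer: str
    payee: str
    contingencies: list

def remove_contingency(directory, draft, index, user_id, now):
    c = draft.contingencies[index]
    if not directory.session_valid(user_id, now):
        return "denied: not authenticated"
    if user_id != c.approver:
        return "denied: not authorized"
    if now > c.deadline:
        return "denied: deadline passed"
    c.removed = True
    return "removed"

def release_payment(directory, draft, now):
    if not directory.session_valid(draft.drawer, now):
        return "withheld: drawer not authenticated"
    if not all(c.removed for c in draft.contingencies):
        return "withheld: contingency outstanding"
    return f"released to {draft.payee}"

def demo():  # constructed parties and draft; times are seconds from t=0
    d = BankDirectory()
    for uid in ("buyer", "seller", "inspector"):
        d.enroll(uid, uid + "-pw")
        d.authenticate(uid, uid + "-pw", now=0)
    draft = Draft("buyer", "seller", [Contingency("inspection", "inspector", 1000)])
    return [release_payment(d, draft, 10),                  # contingency open
            remove_contingency(d, draft, 0, "seller", 20),     # wrong party
            remove_contingency(d, draft, 0, "inspector", 30),
            release_payment(d, draft, 40),
            release_payment(d, draft, 901)]                 # drawer session expired
```

Authentication and authorization are checked separately: the seller holds a valid session but cannot remove a contingency assigned to the inspector, and the drawer's expired session blocks release even after every contingency is cleared.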
The present invention may also be viewed as a computer-implemented method (or a machine-readable medium having data stored thereon representing sequences of instructions which, when executed by one or more computers coupled to a secure network, causes at least one of said computers to perform the method) of securely carrying out an electronic transaction including a plurality of electronic drafts, a payment on at least one of the drafts being contingent upon removal of an associated contingency. Such a method includes a step of establishing a secure computer site that is controlled by a trusted entity and that is accessible only by authenticated parties to the transaction and by any authenticated contingency approver, the site being configured to provide a representation of each of the plurality of drafts and an option to remove any contingencies associated therewith. The parties and any contingency approver requesting access to the computer site are authenticated by encrypting at least a portion of an identification information provided by the requesting party or contingency approver over a secure channel and successfully matching the encrypted identification information with a stored encrypted identifier, the stored encrypted identifier being unique to the requesting party or contingency approver. Payment on a draft of the plurality of drafts is released only when a drawer of the draft is authenticated and when the option to remove each contingency associated with the draft is timely exercised by an authenticated party or authenticated contingency remover that is authorized to remove the contingency.
The transaction may be cancelled unless payment is timely released on each of the plurality of drafts and each of the contingencies of the transaction is removed by an authenticated party or contingency remover. The authentication step may include a step of granting a permission level and wherein all or a selected portion of the representation of the transaction at the computer site is viewable to each authenticated party or contingency approver, depending upon the permission level granted. The trusted entity may include an entity having a financial and fiduciary relationship with at least one of the parties to the transaction, such as a bank. Preferably, the identification information is unrelated to data associated with a payment instrument, such as a credit card number (unless previously agreed by the respective parties to the transaction and the trusted entity, such as the bank).
According to a further embodiment, the present invention is a method of carrying out secure electronic transactions over the Internet. The method includes a step of establishing a secure network linking a plurality of participating banks and storing an encrypted identifier for each participating account-holding customer in a customer's home bank, the customer's home bank being that bank of the plurality of banks in which the customer maintains an account. Each encrypted identifier is linked to the customer's account. Each customer having caused an electronic draft to be presented to one of the plurality of banks is required to be authenticated prior to releasing payment on the draft, a customer being authenticated when identification information presented by the customer matches the encrypted identifier stored at the customer's home bank, the encrypted identification information including an identification of the customer's home bank.
The identification information may include a customer ID and the method may further include the step of storing a local master list at each of the plurality of banks, the local master list stored at each bank including the ID of each customer having presented the identification information to that bank and the identification of the customer's home bank. The method may further comprise the step of forwarding the identification presented by the customer to the customer's home bank over the secure network for authentication when the bank to which the identification information is presented is other than the customer's home bank. The draft may include a contingency, a timely removal thereof by an appropriate authenticated party to the transaction being a precondition to the release of the payment on the draft. A secure computer site controlled by one of the plurality of banks may be established, the secure computer site being accessible only to authenticated parties to the transaction and including a representation of the transaction and an option to remove the contingency.