US2016283938A1PendingUtilityA1

Validating card not present financial transactions made over the Internet with e-Commerce websites using specified distinctive identifiers of local/mobile computing devices involved in the transactions

60
Assignee: STREUTER GARY WILLIAMPriority: Nov 17, 2010Filed: Mar 28, 2016Published: Sep 29, 2016
Est. expiryNov 17, 2030(~4.4 yrs left)· nominal 20-yr term from priority
G06Q 20/40G06Q 20/308H04L 2463/082G06Q 20/4097G06Q 20/40145G06Q 20/409G06Q 20/02G06Q 20/1085G06Q 20/382H04L 63/0861H04L 63/083H04L 63/102
60
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention consists of methods whereby local/mobile computing devices are registered by collecting a set of hardware and/or software distinctive identifiers to be saved in a validation database residing on a validation database server/Web server, such that the local/mobile computing device can be used as a digital hardware key for right of access and authorization of electronic transactions. This is done by comparing a regenerated set of hardware and/or software distinctive identifiers with those previously registered in the validation database in order to validate the identity of the local/mobile computing device. The invention consists of a first software program executing on a local/mobile computing device that generates the set of hashed and/or encrypted hardware and/or software distinctive identifiers and a second software program resident residing on a validation database server/Web server that manages the validation database.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system whereby a transaction certifying authority communicably coupled to an e-Commerce website and a validation Database Server/Web Server processes credit, debit or prepaid card transactions where a physical credit/debit card is not present comprising:
 a a local/mobile computing device under control of a user submits a financial transaction to said e-Commerce website via a web page provided by said e-commerce website;   b said e-Commerce website submits an authorization request in response to receiving a financial transaction from said user to said transaction certifying authority;   c said transaction certifying authority sends a regenerate specified distinctive identifiers request to said local/mobile computing device via said e-Commerce website;   d a first software program resident and executing on said local/mobile computing device receives said regenerate specified distinctive identifiers request;   e said first software program regenerates a set of specified distinctive identifiers from said local/mobile computing device, said regenerated specified distinctive identifiers are obtained from unique serial or identification data of hardware modules and/or software modules resident on said local/mobile computing device;   f said first software program secures said set of regenerated specified distinctive identifiers by hashing and/or encrypting said set of regenerated specified distinctive identifiers then transmits said set of regenerated specified distinctive identifiers to said e-commerce website which then forwards said regenerated specified distinctive identifiers to said transaction certifying authority, said e-commerce website may then securely erase the regenerated specified distinctive identifiers received from the local/mobile computing device;   g said first software program upon transmitting the regenerated specified distinctive identifiers to said e-commerce website may securely erase the results of the regenerated specified distinctive identifiers from the local/mobile computing device;   h said transaction certifying authority after receiving said set of regenerated specified distinctive identifiers transmits said set of regenerated specified distinctive identifiers to a validation database server/website Server containing a database of previously registered specified distinctive identifiers from a plurality of local/mobile computing devices;   i said transaction certifying authority may securely erase said regenerated specified distinctive identifiers once said regenerated specified distinctive identifiers have been transmitted to the validation database server/Web server;   j said validation database server/Web server contains a second software program which attempts to match the received set of regenerated specified distinctive identifiers to at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices;   k if said second software program matches said received set of regenerated specified distinctive identifiers against at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said second software program electronically notifies said transaction certifying authority of said matching and if said second software program does not find a match between said received set of regenerated specified distinctive identifiers against at least one set of said previously registered selected distinctive identifiers from a plurality of local/mobile computing devices, said second software program electronically notifies said transaction certifying authority that said match was not made;   l if said transaction certifying authority receives from said validation database server/website Server notice that a match was made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority electronically notifies said e-Commerce website that said financial transaction request is accepted;   m if said transaction certifying authority receives from said validation database server/Web Server notice that a match was not made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority electronically notifies said e-Commerce website that said financial transaction request is denied;   n said second software program upon transmitting said match results to said transaction certifying authority may securely erase said regenerated specified distinctive identifiers from the local/mobile computing device.   
     
     
         2 . The system of  claim 1  whereby the specified distinctive identifiers of said local/mobile computing device that are collected, processed, and transmitted by said first software program may also include a password and/or biometric marker entered by a user, as well as a unique identification string of characters associated with said first software program, said string of characters may include one or more characters that identify the specific local/mobile computing device and all such passwords, biometric markers, and unique identification strings of characters shall be hashed and or encrypted prior to transmission to said transaction certifying authority or to said e-commerce website. 
     
     
         3 . The system of  claim 1  whereby if said transaction certifying authority receives from said validation database server/website Server notice that a match was made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority examines a database containing details of said user's account to determine if additional criteria exists that would negate a match notification after which said transaction certifying authority will, if said additional criteria exists, electronically notifies said e-Commerce website that the financial transaction request is denied and if said database does not contain additional criteria to negate said match notification, said transaction certifying authority electronically notifies said e-Commerce website that said financial transaction request is accepted. 
     
     
         4 . The system of  claim 1  whereby if said transaction certifying authority receives from said validation database server/Web Server notice that a match was not made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority examines a database containing details of said user's account to determine if additional criteria exists that would negate a not match notification after which said transaction certifying authority will, if said additional criteria exists electronically notifies said e-Commerce website that the financial transaction request is accepted and if said database does not contain additional criteria to negate said not matched notification, said transaction certifying authority electronically notifies said e-Commerce website that said financial transaction request is denied. 
     
     
         5 . A method whereby a transaction certifying authority, upon receiving a card not present e-Commerce transaction authorization request, can instruct a first software program residing on a communicably coupled local/mobile computing device used to initiate said card not present e-Commerce authorization request, to regenerate a plurality of specified distinctive identifiers drawn from said local/mobile computing device, said regeneration steps comprising:
 a A card not present e-Commerce transaction generated by said local/mobile computing device is sent to an e-Commerce merchant involved in said transaction;   b Said e-Commerce merchant may act as the certifying authority for this e-Commerce transaction or said e-Commerce merchant may forward the card not present authorization request to a 3 rd  party, which may act as the transaction certifying authority for said e-Commerce transaction;   c Said transaction authorization request associated with said card not present transaction is received by said transaction certifying authority from a local/mobile computing device being used to initiate the transaction authorization request;   d said transaction certifying authority sends an execute instruction with a regeneration flag to said first software program residing on said local/mobile computing device being used to initiate said card not present transaction;   e said first software program, upon receiving said execute instruction from said transaction certifying, proceeds to regenerate said specified distinctive identifiers;   f said specified distinctive identifiers collected by said first software program during said regeneration process are processed such that they become anonymous and not traceable back to said local/mobile computing device from which they were derived;   g said regenerated specified distinctive identifiers are securely packaged by said first software program prior to being transmitted to said transaction certifying authority;   h said regenerated secured specified distinctive identifiers are electronically transmitted by said first software program residing on said local/mobile computing device to said transaction certifying authority after which said first software program may securely erase all said regenerated specified distinctive identifiers;   i said transaction certifying authority, upon receiving, either directly from said local/mobile computing device or indirectly from said e-Commerce merchant, said regenerated secured specified distinctive identifiers electronically transmits said regenerated secure specified distinctive identifiers to a second software program residing on a Validation Database Server/Web server containing a database of previously registered specified distinctive identifiers from a plurality of local/mobile computing devices;   j said transaction certifying authority may securely erase said regenerated specified distinctive identifiers once said regenerated specified distinctive identifiers have been transmitted to the validation database server/Web server;   k said validation database server/Web server contains said second software program which attempts to match the received set of regenerated specified distinctive identifiers to at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices;   l if said second software program matches said received set of regenerated specified distinctive identifiers against at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said second software program electronically notifies said transaction certifying authority of said matching and if said second software program does not find a match between said received set of regenerated specified distinctive identifiers against at least one set of said previously registered selected distinctive identifiers from a plurality of local/mobile computing devices, said second software program electronically notifies said transaction certifying authority that a match was not made;   m if said transaction certifying authority receives from said validation database server/web Server a notice that a match was made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority electronically notifies said e-Commerce merchant that said card not present e-Commerce transaction authorization request is accepted;   n if said transaction certifying authority receives from said validation database server/Web Server notice that a match was not made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority electronically notifies said e-Commerce merchant that said card not present e-Commerce transaction authorization request is denied;   o said second software program, upon transmitting said match results to said transaction certifying authority, may securely erase said regenerated specified distinctive identifiers from the local/mobile computing device.   
     
     
         6 . The method of  claim 5  whereby said specified distinctive identifiers collected during the regeneration process by said first software program executing on said local/mobile computing device may include a password or bio metric marker supplied by the person initiating the authorization request and may also include a unique identification string of characters associated with said first software program, said string of characters may include one or more characters that identify the specific local/mobile computing device. 
     
     
         7 . The method of  claim 5  whereby if said transaction certifying authority receives from said Validation Database Server/Web server a notice that a match was made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority examines a database containing details of said user's account to determine if additional criteria exists that would negate a match notification after which said transaction certifying authority will, if said additional criteria exists, electronically notifies said e-Commerce merchant that the e-Commerce transaction authorization request is denied and if said database does not contain additional criteria to negate said match notification, said transaction certifying authority electronically notifies said e-Commerce merchant that said e-Commerce transaction authorization request is accepted. 
     
     
         8 . The method of  claim 5  whereby if said transaction certifying authority receives from said validation database server/Web Server notice that a match was not made between said received set of regenerated specified distinctive identifiers and at least one set of said previously registered specified distinctive identifiers from a plurality of local/mobile computing devices, said transaction certifying authority examines a database containing details of said user's account to determine if additional criteria exists that would negate a not match notification after which said transaction certifying authority will, if said additional criteria exists electronically notifies said e-Commerce merchant that the e-Commerce transaction authorization request is accepted and if said database does not contain additional criteria to negate said not matched notification, said transaction certifying authority electronically notifies said e-Commerce merchant that said e-Commerce transaction authorization request is denied. 
     
     
         9 . A method whereby a second software program residing on a validation database server/Web Server, receives secured specified distinctive identifiers from a transaction certifying authority and recognizing a regeneration flag parameter, prepares regenerated specified distinctive identifiers for matching against said specified distinctive identifiers previously entered into said validation database during a registration process and containing a plurality of validation records, each validation record comprised of a plurality of said specified distinctive identifiers for a single local/mobile computing device, each of said specified distinctive identifiers may contain a level of compliance flag specifying that the associated specified distinctive identifier may or may not have to be matched to be valid comprising;
 a said matching of said regenerated specified distinctive identifiers against said registered validation records residing on said validation database is an attempt to validate the identity of said local/mobile computing device initiating a card not present e-Commerce transaction authorization request against a validation record registered in said validation database;   b said second software program performs a validation function by attempting to match said regenerated specified distinctive identifiers received from said transaction certifying authority against at least one registered validation record of specified distinctive identifiers previously registered in said validation database residing on said validation database server/Web server;   c said second software program determines if said set of regenerated specified identifiers matched against at least one set of said specified distinctive identifiers previously registered in said validation database meet the level of compliance required to issue a positive validation notice;   d said second software program will, after determining that said set of regenerated specified distinctive identifiers did or did not meet the level of compliance required to validate this transaction, process a positive or negative validation result notification that is sent to said transaction certifying authority that initiated said validation request.   
     
     
         10 . The method of  claim 9  whereby said second software program may securely erase said regenerated specified distinctive identifiers upon completion of the sending of a positive or negative validation result to said certifying authority. 
     
     
         11 . The method of  claim 9  whereby a predetermined number of regenerated specified distinctive identifiers, drawn from said local/mobile computing device must be matched against a predetermined number of registered specified distinctive identifiers contained in a said validation database in order to generate a validated positive match response. 
     
     
         12 . The method of  claim 9  whereby said matching of said regenerated specified distinctive identifiers to said specified distinctive identifiers previously registered in said validation database is used to validate the identity of said initiating local/mobile computing device being used in the process of authorizing a card not present credit/debit card/bank transaction. 
     
     
         13 . A system for authorizing a credit/debit card financial e-Commerce transaction when the credit/debit card cannot be physically presented to an on-line merchant website comprising:
 a a local/mobile computing device where a user initiates a financial transaction on an e-Commerce website, said local/mobile computing device generates identifying data on request from said on-line merchant website, said identifying data identifies said local/mobile computing device as a unique device and which may also include data which can identify said user, said identifying data sent to said e-Commerce merchant website when requested by said e-Commerce merchant website;   b said e-Commerce merchant website being accessed by said user and receiving a transaction request which includes said identifying data from said local/mobile computing device, sends said transaction request to a transaction certifying authority to validate the identity of said local/mobile computing device;   c said transaction certifying authority receiving a request including said identifying data from said e-Commerce web site sends said transaction request to validate said identifying data to a validation database server/web server;   d said validation database server/web server containing a database of said identifying data of previously registered local/mobile computing devices, said validation database server receives a request from said transaction certifying authority to match said identifying data contained in said request for said local/mobile computing device against identifying data previously stored in said database during a registration process, said validation database server/web server will, if a match is made, return a matched response to said transaction certifying authority and, if a match is not made, return a not matched response to said transaction certifying authority.   
     
     
         14 . The system of  claim 13  whereby said e-Commerce web site sends a signal to said local/mobile computing device to generate said identifying information consisting of specific distinctive identifiers drawn from hardware modules and/or software modules and which may include a user password or a digital bio-metric marker. 
     
     
         15 . The system of  claim 13  whereby said specific distinctive identifiers drawn from hardware modules such as, but not limited to, communications hardware modules and may consist of serial numbers such as but not limited to MAC addresses or serial numbers from hardware ports such as but not limited to USB ports and specific distinctive identifiers drawn from software modules may consist of, but not limited to, activation keys and user passwords and/or user bio-metric markers such as, but not limited to, one or more finger prints, one or more iris scans, or other bio-metric markers. 
     
     
         16 . The system of  claim 13  where said local/mobile computing device contains a first software module with a serial number, said first software module generates, said specific distinctive identifiers which may include said first software module serial number.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.