Methods and apparatus for conducting electronic transactions
IPC Classification Information
Country / Type
United States(US) Patent
Granted
International Patent Classification (IPC 7th edition)
G06Q-020/00
G06F-007/04
G06F-011/30
Application number
US-0859046
(2010-08-18)
Registration number
US-8214299
(2012-07-03)
Inventor / Address
Bishop, Fred Alan
Glazer, Elliott Harold
Gorgol, Zygmunt Steven
Hohle, William G.
Johnson, Michael G.
Johnstone, David E.
Lake, Walter Donald
Royer, Coby
Simkin, Marvin
Swift, Nick
White, Dirk B.
Bennett, Russell
Applicant / Address
American Express Travel Related Services Company, Inc.
Agent / Address
Snell & Wilmer L.L.P.
Citation information
Times cited: 3
Cited patents: 147
Abstract
A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.
Representative claim
1. A method comprising: receiving, by a server comprising a processor and a non-transitory, tangible memory, a transaction request from a user for a transaction at a merchant server; issuing, by the server, a challenge; forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge; receiving, by the server, the response from the user based upon the challenge; processing, by the server, the response; verifying, by the server, the intelligent token; assembling, by the server, credentials for the transaction, wherein the credentials comprise a key; providing, by the server, at least a portion of the assembled credentials to the user; receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user; validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service; initiating, by the server, a transaction session for use with the transaction service; receiving, by the server, a third party request comprising executable commands being associated with a selected programming language; scanning, by the server and while in the transaction session, the third party request to find executable commands; and at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of: rendering the executable commands unexecutable by a network client by removing a character of the executable commands, and rendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.
2. The method of claim 1, further comprising rejecting a request in response to the third party request containing the executable commands having a hostile character.
3. The method of claim 1, further comprising logging the executable commands to form a security log.
4. The method of claim 3, further comprising reviewing the security log to determine whether the executable commands are hostile.
5. The method of claim 1, wherein the executable commands cause an unwanted action when executed.
6. The method of claim 1, wherein the executable commands are malicious.
7. The method of claim 1, further comprising receiving a request for a connection at the network server from the network client.
8. The method of claim 7, further comprising verifying that a response from the network server to the network client is void of the executable commands.
9. The method of claim 8, further comprising providing the response from the network server to the network client.
10. The method claim 1, wherein the rendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands comprises converting a script format character to another character, wherein the script format character identifies a block of code.
11. The method claim 1, wherein the rendering the executable commands unexecutable by the network client by removing a character of the executable commands comprises removing a script format character, wherein the script format character identifies a block of code.
12. The method of claim 1, wherein the selected programming language comprises javascript.
13. The method of claim 1, wherein the selected programming language comprises SQL code.
14. The method of claim 1, wherein the selected programming language comprises XML code.
15. The method of claim 1, wherein the selected programming language comprises a markup language.
16. The method of claim 1, further comprising rejecting the transaction request in response to the third party request being received from the merchant server, wherein the third party request comprises hostile code.
17. The method of claim 1, further comprising rejecting the transaction request in response to the third party request being received from an advertisement on the merchant server, wherein the third party request comprises hostile code.
18. An article of manufacture including a non-transitory, tangible computer readable medium having instructions stored thereon that, in response to execution by a server, cause the server to perform operations comprising: receiving, by the server, a transaction request from a user for a transaction at a merchant server; issuing, by the server, a challenge; forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge; receiving, by the server, the response from the user based upon the challenge; processing, by the server, the response; verifying, by the server, the intelligent token; assembling, by the server, credentials for the transaction, wherein the credentials comprise a key; providing, by the server, at least a portion of the assembled credentials to the user; receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user; validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service; initiating, by the server, a transaction session for use with the transaction service; receiving, by the server, a third party request comprising executable commands being associated with a selected programming language; scanning, by the server and while in the transaction session, the third party request to find executable commands; and at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of: rendering the executable commands unexecutable by a network client by removing a character of the executable commands, and rendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.
19. A system comprising: a tangible, non-transitory memory communicating with a server, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the server, cause the server to perform operations comprising: receiving, by the server, a transaction request from a user for a transaction at a merchant server; issuing, by the server, a challenge; forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge; receiving, by the server, the response from the user based upon the challenge; processing, by the server, the response; verifying, by the server, the intelligent token; assembling, by the server, credentials for the transaction, wherein the credentials comprise a key; providing, by the server, at least a portion of the assembled credentials to the user; receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user; validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service; initiating, by the server, a transaction session for use with the transaction service; receiving, by the server, a third party request comprising executable commands being associated with a selected programming language; scanning, by the server and while in the transaction session, the third party request to find executable commands; and at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of: rendering the executable commands unexecutable by a network client by removing a character of the executable commands, and rendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.
Patents cited by this patent (147)
Gokcebay Asil T. (San Francisco CA), Access control system with mechanical keys which store data.
Davis Terry L. (Scottsdale AZ) Hart James A. (Radnor PA) O'Malley Michael F. (Glenside PA) Russell James F. (Hockessin DE) Sears John W. (Peoria AZ) Trice Philip H. (Phoenix AZ), Collection of value from stored value systems.
Rose Marshall T. ; Stein Lee H. ; Borenstein Nathaniel S. ; Lowery Carlyn M. ; New Darren ; Stefferud Einar, Computerized payment system for purchasing goods and services on the internet.
Stein Lee H. ; Stefferud Einar A. ; Borenstein Nathaniel S. ; Rose Marshall T., Computerized system for making payments and authenticating transactions over the internet.
Renner G. Fred ; Johnson Randall E. ; Chu-Jeng Caroline, Distinct smart card reader having wiegand, magnetic strip and bar code types emulation output.
Mansvelt Andre P. (171 Anderson Avenue Northcliff ; Johannesburg ; Transvaal ZAX) Belamant Serge C. P. (55 - 13th Street Parkmore ; Johannesburg ; Transvaal ZAX), Funds transfer system.
Glass Randal ; Salganicoff Marcos ; von Seelen Ulf Cahn, Method and apparatus for securely transmitting and authenticating biometric data over a network.
Biorge James E. ; Hauge Richard T. ; Svigals Jerome, Method and system for allocating and redeeming incentive credits between a portable device and a base device.
Friedes Albert (East Brunswick NJ) Perea Carlos A. (Bethlehem PA) Tsao Yao-Chung (Middletown NJ), Method and system for mediating transactions that use portable smart cards.
Bolle, Rudolf Maarten; Nunes, Sharon Louise; Pankanti, Sharathchandra; Ratha, Nalini Kanta; Smith, Barton Allen; Zimmerman, Thomas Guthrie, Method for biometric-based authentication in wireless communication for access control.
Bishop, Fred Alan; Glazer, Elliot Harold; Gorgol, Zygmunt Steven; Hohle, William G.; Johnson, Michael G.; Johnstone, David E; Lake, Walter Donald; Royer, Coby; Simkin, Marvin; Swift, Nick; White, Dirk B; Bennett, Russell, Methods and apparatus for conducting electronic transactions.
Maes Stephane Herman ; Sedivy Jan,CSX, Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security.
Dolan George M. (Charlotte NC) Holloway Christopher J. (Woking GB2) Matyas ; Jr. Stephen M. (Poughkeepsie NY), Public key data communications system under control of a portable security device.
Schick David (150-54 76th Rd. Flushing NY 11367) Bane Mark (141-17 72nd Crescent Flushing NY 11367), Self verifying transaction card with disabling capability.
Fox, Barbara L.; Waters, Lester L.; Spelman, Jeffrey F.; Seidensticker, Robert B.; Thomlinson, Matthew W., System and method for secure electronic commerce transaction.
Dillaway Blair B. ; Barlow Douglas C. ; Lipscomb Terry M., System and method of using smart cards to perform security-critical operations requiring user authorization.
Hoehn-Saric Rudolph Christopher ; Nguyen Christopher L. ; Stevens Patrick D., System for administration of remotely-proctored, secure examinations and methods therefor.
Michael F. Guheen ; James D. Mitchell ; James J. Barrese, System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework.
Bogosian ; Jr. Charles A. (Warwick RI), System for verifying use of a credit/identification card including recording of physical attributes of unauthorized user.
Nguyen Trong ; Subramanian Mahadevan P. ; Haller Daniel R., System, method and article of manufacture for a gateway system architecture with system administration information acce.
Williams Humphrey ; Hughes Kevin ; Parmar Bipinkumar G., System, method and article of manufacture for network electronic authorization utilizing an authorization instrument.
Davis Terry L. ; Hart James A. ; Imperia Vincent A. ; Love Michael ; O'Malley Michael F. ; Russell James F. ; Sears John W. ; Trice Philip H., Transaction system comprising a first transportable integrated circuit device, a terminal, and a security device.
Davis Terry L. (Scottsdale AZ) Hart James A. (Radnor PA) Imperia Vincent A. (Tempe AZ) Love Michael (Wilmington DE) O'Malley Michael F. (Glenside PA) Russell James F. (Hockessin DE) Sears John W. (Pe, Transaction system for integrated circuit cards.
Pitroda Satyan G. (1480 Golden Bell Ct. Downers Grove IL 60515), Universal electronic transaction card including receipt storage and system and methods of conducting electronic transact.
Baker, David Preston; Hussein, Mohamed Reza; Marshall, III, Stanley N.; Hiller, Matthew Eric; Tung, Chin Pang; Mitchell, Andrew Robert, Optimistic receipt flow.
Baker, David Preston; Marshall, III, Stanley N.; Hussein, Mohamed Reza; Hiller, Matthew Eric; Tung, Chin Pang; Mitchell, Andrew Robert, Secure storage of payment information on client devices.