|
|
|
Including a payment switch or gateway |
Virtual point of sale processing using gateway-initiated messages6163772
Abstract
Secure transmission of data is provided between a plurality of computer systems over a public communication system, such as the Internet. For example, secure transmission of data is provided between a merchant server and an acquirer gateway using Secure Electronic Transaction (SET) compliant messages. However, gateway-initiated messages are not SET compliant. Accordingly, secure transmission of data using additional messages that are not SET compliant is provided in accordance with one embodiment of the present invention. In one embodiment, a method for virtual point of sale processing using gateway-initiated messages, includes establishing a first communication link (e.g., operating under the Internet Protocol) between an acquirer gateway and a merchant server, the first communication link being initiated by the acquirer gateway, and transmitting a gateway-initiated message (e.g., a Multipurpose Internet Mail Extensions(MIME) -encapsulated PKCS-7 message that includes a request for management information base data of the merchant server) via the first communication link from the acquirer gateway to the merchant server. The method also includes establishing a second communication link (e.g., operating under the Internet Protocol) between the acquirer gateway and the merchant server, the second communication link being initiated by the merchant server, and transmitting a Secure Electronic Transaction (SET) message via the second communication link from the merchant server to the acquirer gateway.
Claims
What is claimed is:
1. A method for virtual point of sale processing using gateway-initiated messages, comprising:
receiving a first message from a gateway at a server via a first channel, the first channel operating under a first protocol that allows for gateway-initiated messaging; and
transmitting a second message from the server to the gateway via a second channel, the second channel operating under a server-initiated messaging protocol.
2. The method as recited in claim 1, wherein the second message comprises a Secure Electronic Transaction (SET) message or an extended SET message.
3. The method as recited in claim 1, wherein the first message comprises a Multipurpose Internet Mail Extensions(MIME)-encapsulated PKCS-7 conformant message comprising name-value pairs.
4. The method as recited in claim 1, wherein the gateway comprises an acquirer gateway, and the server comprises a merchant server, the merchant server comprising a Secure Electronic Transaction (SET) module for SET request/response message pairs.
5. The method as recited in claim 1, wherein the first message comprises a request to upload information.
6. The method as recited in claim 5, wherein the requested upload information comprises management information base (MIB) data, the MIB data being transmitted from the server to the gateway via the second channel.
7. The method as recited in claim 1, wherein the first message comprises a request to download information, the requested download information comprising parameters that characterize the virtual point of sale processing being executed on the server.
8. The method as recited in claim 1, further comprising:
transmitting a third message from the server to a test gateway via the second channel, the server comprising a merchant server, and the third message comprising an extended Secure Electronic Transaction (SET) message, wherein the virtual point of sale processing is being tested on the merchant server.
9. The method as recited in claim 1, wherein the first message comprises administrative information for the server, the server displaying the administrative information.
10. An apparatus for virtual point of sale processing using gateway-initiated messages, comprising:
a gateway, the gateway transmitting a first message via a first channel, the first channel operating under a first protocol that allows for gateway-initiated messaging; and
a server, the server receiving the first message via the first channel, and the server transmitting a second message to the gateway via a second channel, the second channel operating under a server-initiated messaging protocol.
11. The apparatus as recited in claim 10, wherein the second message comprises a Secure Electronic Transaction (SET) message or an extended SET message.
12. The apparatus as recited in claim 10, wherein the first message comprises a Multipurpose Internet Mail Extensions (MIME)-encapsulated PKCS-7 conformant message comprising name-value pairs.
13. The apparatus as recited in claim 10, wherein the gateway comprises an acquirer gateway, and the server comprises a merchant server, the merchant server comprising a Secure Electronic Transaction (SET) module for SET request/response message pairs.
14. The apparatus as recited in claim 10, wherein the first message comprises a request to upload information.
15. The apparatus as recited in claim 14, wherein the requested upload information comprises management information base (MIB) data, the MIB data being transmitted from the server to the gateway via the second channel.
16. The apparatus as recited in claim 10, wherein the first message comprises a request to download information, the requested download information comprising parameters that characterize the virtual point of sale processing being executed on the server.
17. The apparatus as recited in claim 10, further comprising:
a test gateway, the test gateway receiving a third message from the server via the second channel, the server comprising a merchant server, and the third message comprising an extended Secure Electronic Transaction (SET) message, wherein the virtual point of sale processing is being tested on the merchant server.
18. The apparatus as recited in claim 10, wherein the first message comprises administrative information, the server comprising a display, and the server outputting the administrative information on the display.
19. A computer program embodied on a computer-readable medium for virtual point of sale processing using gateway-initiated messages, comprising:
a code segment that receives a first message from a gateway via a first channel, the first channel operating under a first protocol that allows for gateway-initiated messaging; and
a code segment that transmits a second message to the gateway via a second channel, the second channel operating under a server-initiated messaging protocol.
20. The computer program as recited in claim 19, wherein the second message comprises a Secure Electronic Transaction (SET) message or an extended SET message.
21. The computer program as recited in claim 19, wherein the first message comprises a Multipurpose Internet Mail Extensions(MIME)-encapsulated PKCS-7 conformant message comprising name-value pairs.
22. The computer program as recited in claim 19, wherein the gateway comprises an acquirer gateway, and the server comprises a merchant server, wherein the code segment that transmits the second message comprises a Secure Electronic Transaction (SET) module stored in the merchant server.
23. The computer program as recited in claim 19, wherein the first message comprises a request to upload information.
24. The computer program as recited in claim 23, wherein the requested upload information comprises management information base (MIB) data, the MIB data being transmitted from the server to the gateway via the second channel.
25. The computer program as recited in claim 19, wherein the first message comprises a request to download information, the requested download information comprising parameters that characterize the virtual point of sale processing being executed on the server.
26. The computer program as recited in claim 19, further comprising:
a code segment that transmits a third message from the server to a test gateway via the second channel, the server comprising a merchant server, and the third message comprising an extended Secure Electronic Transaction (SET) message, wherein the virtual point of sale processing is being tested on the merchant server.
27. The computer program as recited in claim 19, wherein the first message comprises administrative information for the server, the server displaying the administrative information.
Description
FIELD OF THE INVENTION
The present invention relates to the secure, electronic payment in exchange for goods and services purchased over an open communication network, and in particular, to virtual point of sale processing using gateway-initiated messages.
BACKGROUND
The present invention relates to an electronic representation of a monetary system for implementing electronic money payments as an alternative medium of economic exchange to cash, checks, credit and debit cards, and electronic funds transfer. The Electronic-Monetary System is a hybrid of currency, check, card payment systems, and electronic funds transfer systems possessing many of the benefits of these systems with few of their limitations. The system utilizes electronic representations of money that are designed to be universally accepted and exchanged as economic value by subscribers of the monetary system.
Today, approximately 350 billion coin and currency transactions occur between individuals and institutions every year. The extensive use of coin and currency transactions has limited the automation of individual transactions such as purchases, bank account deposits, and withdrawals. Individual cash transactions are burdened by the need to have the correct amount of cash or providing change. Furthermore, the handling and managing of paper cash and coins is inconvenient, costly, and time consuming for both individuals and financial institutions.
Although checks may be written for any specific amount up to the amount available in the account, checks have very limited transferability and must be supplied from a physical inventory. Paper-based checking systems do not offer sufficient relief from the limitations of cash transactions, sharing many of the inconveniences of handling currency while adding the inherent delays and costs associated with processing checks. To this end, economic exchange has striven for greater convenience at a lower cost, while also seeking improved security.
Automation has achieved some of these qualities for large transactions through computerized Electronic Funds Transfer ("EFT") systems. EFT is essentially a process of value exchange achieved through the banking system's centralized computer transactions. EFT services are a transfer of payments utilizing electronic "checks," which are used primarily by large commercial organizations.
Home banking bill payment services are examples of an EFT system used by individuals to make payments from a home computer. Currently, home banking initiatives have found few customers. Of the banks that have offered services for payments, account transfers, and information over the telephone lines using personal computers, less than one percent of the bank's customers are using the service. Home banking has not been a successful product, because, for example, the customer cannot deposit and withdraw money as needed in this type of system.
Current EFT systems, credit cards, or debit cards, which are used in conjunction with an on-line system to transfer money between accounts, such as between the account of a merchant and that of a customer, cannot satisfy the need for an automated transaction system providing an ergonomic interface. Examples of EFT systems that provide non-ergonomic interfaces are disclosed in U.S. Pat. Nos. 5,476,259; 5,459,304; 5,452,352; 5,448,045; 5,478,993; 5,455,407; 5,453,601; 5,465,291; and 5,485,510.
To implement an automated, convenient transaction that can dispense some form of economic value, there has been a trend towards off-line payments. For example, numerous ideas have been proposed for some form of "electronic money" that can be used in cashless payment transactions as alternatives to the traditional currency and check types of payment systems. See U.S. Pat. No. 4,977,595, entitled "METHOD AND APPARATUS FOR IMPLEMENTING ELECTRONIC CASH," and U.S. Pat. No. 4,305,059, entitled "MODULAR FUNDS TRANSFER SYSTEM." The more well-known techniques include magnetic stripe cards purchased for a given amount and from which a prepaid value can be deducted for specific purposes. Upon exhaustion of the economic value, the cards are thrown away. Other examples include memory cards or so called smart cards which are capable of repetitively storing information representing value that is likewise deducted for specific purposes. A smart card is generally a hand-held portable device that includes a microprocessor, input-output ports, and a non-volatile memory (e.g., a few kilobytes of memory).
It is desirable for a computer operated under the control of a merchant to obtain information offered by a customer and transmitted by a computer operating under the control of the customer over a publicly accessible packet-switched network (e.g., the Internet) to the computer operating under the control of the merchant, without risking the exposure of the information to interception by third parties that have access to the network, and to assure that the information is from an authentic source. It is further desirable for the merchant to transmit information, including a subset of the information provided by the customer, over such a network to a payment gateway computer system that is designated, by a bank or other financial institution that has the responsibility of providing payment on behalf of the customer, to authorize a commercial transaction on behalf of such a financial institution, without the risk of exposing that information to interception by third parties. Such institutions include, for example, financial institutions offering credit or debit card services.
One such attempt to provide such a secure transmission channel is a secure payment technology such as Secure Electronic Transaction (SET), jointly developed by the Visa and MasterCard card associations, and described in Visa and MasterCard's Secure Electronic Transaction (SET) Specification, Feb. 23, 1996, which is herein incorporated by reference in its entirety. Other such secure payment technologies include Secure Transaction Technology ("STT"), Secure Electronic Payments Protocol ("SEPP"), Internet Keyed Payments ("IKP"), Net Trust, and Cybercash Credit Payment Protocol. One of ordinary skill in the art readily comprehends that any of the secure payment technologies can be substituted for the SET protocol without undue experimentation. Such secure payment technologies require the customer to operate software that is compliant with the secure payment technology, interacting with third-party certification authorities, thereby allowing the customer to transmit encoded information to a merchant, some of which can be decoded by the merchant, and some of which can be decoded only by a payment gateway specified by the customer.
Another such attempt to provide such a secure transmission channel is a general-purpose secure communication protocol such as Netscape, Inc.'s Secure Sockets Layer (hereinafter "SSL"), as described in Freier, Karlton & Kocher (hereinafter "Freier"), The SSL Protocol Version 3.0, March 1996, and herein incorporated by reference in its entirety. SSL enables secure transmission between two computers. SSL has the advantage that it does not require special-purpose software to be installed on the customer's computer, because it is already incorporated into widely available software is that many people utilize as their standard Internet access medium, and SSL does not require that the customer interact with any third-party certification authority. Instead, the support for SSL may be incorporated into software already in use by the customer (e.g., the commercially available Netscape Navigator.TM. World Wide Web browsing tool).
However, although a computer on an SSL connection may initiate a second SSL connection to another computer, a drawback to the SSL approach is each SSL connection supports only a two-computer connection. Therefore, SSL does not provide a mechanism for transmitting encoded information to a merchant for retransmission to a payment gateway such that a subset of the information is readable to the payment gateway but not to the merchant. Thus, although SSL allows for robustly secure two-party data transmission, it does not meet the ultimate need of the electronic commerce market for robustly secure three-party data transmission.
Other examples of general-purpose secure communication protocols include Private Communications Technology ("PCT") from Microsoft, Inc., Secure Hyper-Text Transport Protocol ("SHTTP") from Terisa Systems, Shen, Kerberos, Photuris, and Pretty Good Privacy ("PGP"), which meets the IPSEC criteria. One of ordinary skill in the art readily comprehends that any of the general-purpose secure communication protocols can be substituted for the SSL transmission protocol without undue experimentation.
More recently, banks desired an Internet payment solution that emulates existing Point of Sale (POS) applications that are currently installed on their host computers and require minimal changes to their host systems. This is a critical requirement, because any downtime for a bank's host computer system represents an enormous expense. Currently, VeriFone supports over fourteen hundred different payment-related applications. The large number of applications is necessary to accommodate a wide variety of host message formats, diverse methods for communicating to a variety of hosts with different dial-up and direct-connect schemes, and different certification around the world. In addition, there are a wide variety of business processes that dictate how a Point of Sale (POS) terminal queries a user for data and subsequently displays the data. Also, various vertical market segments, such as hotels, car rental agencies, restaurants, retail sales, mail sales, and telephone sales require interfaces for different types of data to be entered, and provide different discount rates to merchants for complying with various data types. Moreover, a plethora of report generation mechanisms and formats are utilized by merchants that banking organizations work with appropriately.
Internet-based payment solutions require additional security measures that are not found in conventional POS terminals. This additional requirement is necessitated, because Internet communication is done over publicly-accessible, unsecured communication lines in stark contrast to the private, secure, dedicated phone or leased line service utilized between a traditional merchant and an acquiring bank. Thus, it is critical that any solution utilizing the Internet for a communication backbone employ some form of cryptography.
As discussed above, the current state-of-the-art in Internet-based payment processing is a protocol referred to as SET. Because SET messages are uniform across all implementations, banks cannot differentiate themselves in any reasonable way. Also, because SET is not a proper superset of all protocols utilized today, there are bank protocols that cannot be mapped or translated into SET, because they require data elements for which SET has no placeholder. Further, SET only handles the message types directly related to authorizing and capturing credit card transactions and adjustments to these authorizations or captures. In a typical POS terminal in the physical world, these messages comprise almost the entire volume of the total number of messages between the merchant and the authorizing bank, but only half of the total number of different message types. These message types, which are used infrequently, but which are critical to the operation of the POS terminal must be supported for proper transaction processing.
SUMMARY
Secure transmission of data is provided between a plurality of computer systems over a public communication system, such as the Internet. For example, secure transmission of data is provided between a merchant server and an acquirer gateway using Secure Electronic Transaction (SET) compliant messages. However, gateway-initiated messages are not SET compliant. Accordingly, secure transmission of data using additional messages that are not SET compliant is provided in accordance with one embodiment of the present invention.
In one embodiment, a method for virtual point of sale processing using gateway-initiated messages, includes receiving a first message (e.g., a Multipurpose Internet Mail Extensions(MIME)-encapsulated PKCS-7 message) from a gateway (e.g., an acquirer gateway) at a server (e.g., a merchant server) via a first channel, the first channel operating under a gateway-initiated messaging protocol. The method also includes transmitting a second message (e.g., a SET message or an extended SET message) from the server to the gateway via a second channel, the second channel operating under a server-initiated messaging protocol.
In one embodiment, an apparatus for virtual point of sale processing using gateway-initiated messages, includes a gateway (e.g., an acquirer gateway), the gateway transmitting a first message (e.g., a Multipurpose Internet Mail Extensions(MIME) -encapsulated PKCS-7 message) to a server (e.g., a merchant server) via a first channel, the first channel operating under a gateway-initiated messaging protocol. The apparatus also includes the server transmitting a second message (e.g., a SET message or an extended SET message) to the gateway via a second channel, the second channel operating under a server-initiated messaging protocol.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other aspects and advantages are better understood from the following detailed description with reference to the drawings, in which:
FIG. 1A is a block diagram of a representative hardware environment in accordance with a preferred embodiment;
FIG. 1B depicts an overview in accordance with a preferred embodiment;
FIG. 1C is a block diagram of a payment processing system in accordance with a preferred embodiment;
FIG. 2 depicts a more detailed view of the customer computer system in communication with the merchant system using the customer-merchant session operating under the SSL protocol in accordance with a preferred embodiment;
FIG. 3 depicts an overview of the method of securely supplying payment information to a payment gateway in order to obtain payment authorization in accordance with a preferred embodiment;
FIG. 4 depicts the stages of generating and transmitting a payment authorization request in accordance with a preferred embodiment;
FIGS. 5A through 5F depict views of the payment authorization request and its component parts in accordance with a preferred embodiment;
FIGS. 6A and 6B depict the stages of processing a payment authorization request and generating and transmitting a payment authorization request response in accordance with a preferred embodiment;
FIGS. 7A through 7J depict views of the payment authorization response and its component parts in accordance with a preferred embodiment;
FIG. 8 depicts the stages of processing a payment authorization response in accordance with a preferred embodiment;
FIG. 9 depicts an overview of the method of securely supplying payment capture information to the payment gateway computer system in order to obtain payment capture in accordance with a preferred embodiment;
FIG. 10 depicts the stages of generating and transmitting a payment capture request in accordance with a preferred embodiment;
FIGS. 11A through 11F depict views of the payment capture request and its component parts in accordance with a preferred embodiment;
FIGS. 12A and 12B depict the stages of processing a payment capture request and generating and transmitting a payment capture request response in accordance with a preferred embodiment;
FIGS. 13A through 13F depict views of the payment capture response and its component parts in accordance with a preferred embodiment;
FIG. 14 depicts the stages of processing a payment capture response in accordance with a preferred embodiment;
FIGS. 15A and 15B depict transaction processing of merchant and consumer transactions in accordance with a preferred embodiment;
FIG. 16 illustrates a transaction class hierarchy block diagram in accordance with a preferred embodiment;
FIG. 17 shows a typical message flow between the consumer, the merchant, the vPOS terminal, and the Gateway in accordance with a preferred embodiment;
FIGS. 18A through 18E are block diagrams of the extended SET architecture in accordance with a preferred embodiment;
FIG. 19 is a flow diagram of vPOS merchant pay customization in accordance with a preferred embodiment;
FIGS. 20A through 20H are block diagrams and flow diagrams setting forth the detailed logic of thread processing;
FIG. 21 is a detailed diagram of a multithreaded gateway engine in accordance with a preferred embodiment;
FIG. 22 is a flow diagram of Internet-based processing in accordance with a preferred embodiment;
FIG. 23 illustrates a Gateway's role in a network in accordance with a preferred embodiment;
FIG. 24 is a block diagram of the Gateway in accordance with a preferred embodiment;
FIG. 25 is a block diagram of the vPOS Terminal Architecture in accordance with a preferred embodiment;
FIG. 26 is an architecture block diagram in accordance with a preferred embodiment;
FIG. 27 is a block diagram of the payment manager architecture in accordance with a preferred embodiment;
FIG. 28 is a Consumer Payment Message Sequence diagram in accordance with a preferred embodiment;
FIG. 29 is an illustration of a certificate issuance form in accordance with a preferred embodiment;
FIG. 30 illustrates a certificate issuance response in accordance with a preferred embodiment;
FIG. 31 illustrates a collection of payment instrument holders in accordance with a preferred embodiment;
FIG. 32 illustrates a default payment instrument bitmap in accordance with a preferred embodiment;
FIG. 33 illustrates a selected payment instrument with a fill-in-the-blanks for the cardholder in accordance with a preferred embodiment;
FIG. 34 illustrates a coffee purchase utilizing the newly defined VISA card in accordance with a preferred embodiment;
FIG. 35 is a flow diagram of conditional authorization of payment in accordance with a preferred embodiment;
FIGS. 36 through 48 are screen displays in accordance with a preferred embodiment;
FIG. 49 shows how the vPOS authenticates an incoming response to a request in accordance with a preferred embodiment;
FIG. 50 is a flow diagram for the merchant interaction with the Test Gateway in accordance with a preferred embodiment;
FIGS. 51 through 61 are flow diagrams depicting the detailed logic of the Gateway in accordance with a preferred embodiment;
FIG. 62 is the main administration display for the Gateway in accordance with a preferred embodiment;
FIG. 63 is a configuration panel in accordance with a preferred embodiment;
FIG. 64 is a host communication display for facilitating communication between the gateway and the acquirer payment host in accordance with a preferred embodiment;
FIG. 65 is a Services display in accordance with a preferred embodiment;
FIG. 66 is a graphical representation of the gateway transaction database in accordance with a preferred embodiment;
DETAILED DESCRIPTION
Recently, the Internet was proposed as a communication medium connecting personal computers with specialized reader hardware for facilitating reading and writing to smart cards. However, the Internet is not a secure communication medium, and value transfer is not secured. Thus, secure value transfer processing to facilitate smart card processing over the Internet is needed. In addition, support to ensure that no third party can hijack a value transfer transaction is required. For example, a hijack can occur if a third party diverts the transaction before it even starts. In the prior art face-to-face solution, both parties can confirm the other party's identity. However, the Internet generally separates the parties with miles of network lines.
A preferred embodiment of a system in accordance with the present invention is preferably practiced in the context of a personal computer such as a commercially available IBM PS/2, Apple Macintosh computer, or UNIX-based workstation. FIG. 1A is a block diagram of a representative hardware environment in accordance with a preferred embodiment. In particular, FIG. 1A illustrates a hardware configuration of a typical workstation having a central processing unit 10, such as a microprocessor, and a number of other units interconnected via a system bus 12. The workstation shown in FIG. 1A also includes a Random Access Memory (RAM) 14, a Read Only Memory (ROM) 16, an I/O adapter 18 for connecting peripheral devices such as disk storage units 20 to bus 12, a user interface adapter 22 for connecting a keyboard 24, a mouse 26, a speaker 28, a microphone 32, and possibly other user interface devices such as a touch screen (not shown) to bus 12, a communications adapter 34 for connecting the workstation to a communication network (e.g., a data processing network), and a display adapter 36 for connecting bus 12 to a display device 38. The workstation typically has resident thereon an operating system such as the Microsoft Windows NT.TM. or the Microsoft Windows 95.TM. Operating System (OS), the IBM OS/2, the Apple MAC OS, or the UNIX OS such as the HP-UX OS. Those skilled in the art will appreciate that the present invention may also be implemented on platforms and operating systems other than those mentioned above.
A preferred embodiment is written using the JAVA programming language, the C programming language, and the C++ programming language and utilizes an object-oriented programming methodology. Object-oriented programming (OOP) has become increasingly used to develop complex applications. As OOP moves toward the mainstream of software design and development, various software solutions require adaptation to make use of the benefits of OOP. A need exists for these principles of OOP to be applied to a messaging interface of an electronic messaging system such that a set of OOP classes and objects for the messaging interface can be provided.
Generally, OOP is a process of developing computer software using objects, which includes analyzing the problem, designing the system, and constructing the program. An object is a software package that typically includes both data and a collection of related structures and procedures. Because an object includes both data and a collection of structures and procedures, it can be visualized as a self-sufficient component that does not require other additional structures, procedures, or data to perform its specific task. Therefore, OOP views a computer program as a collection of largely autonomous components, called objects, each of which is responsible for a specific task. This concept of packaging data, structures, and procedures together in one component or module is called encapsulation.
In general, OOP components are reusable software modules that present an interface that conforms to an object model and are accessed at run-time through a component integration architecture. A component integration architecture is a set of architecture mechanisms which allow software modules in different process spaces to utilize each others capabilities or functions. This is generally implemented by assuming a common component object model on which to build the architecture.
It is worthwhile to differentiate between an object and a class of objects at this point. An object is a single instance of the class of objects, which is often just called a class. A class of objects can be viewed as a blueprint, from which many objects can be formed.
OOP allows the computer programmer to create an object that is a part of another object. For example, the object representing a piston engine is said to have a composition-relationship with the object representing a piston. In reality, a piston engine comprises a piston, valves, and many other components; the fact that a piston is an element of a piston engine can be logically and semantically represented in OOP by two objects. OOP also allows creation of an object that "depends from" another object. If there are two objects, one representing a piston engine and the other representing a piston engine which the piston is made of ceramic, then the relationship between the two objects is not that of composition. A piston engine in which the piston is ceramic does not make up a piston engine. Rather, it is merely one kind of piston engine that has one more limitation than the piston engine; its piston is made of ceramic. In this case, the object representing the ceramic piston engine is called a derived object, and it inherits all of the aspects of the object representing the piston engine and adds further limitation(s) or detail to it. The object representing the ceramic piston engine "depends from" the object representing the piston engine. The relationship between these objects is called inheritance.
When the object or class representing the ceramic piston engine inherits all of the aspects of the objects representing the piston engine, it inherits the thermal characteristics of a standard piston defined in the piston engine class. However, the ceramic piston engine object overrides these ceramic specific thermal characteristics, which are typically different from those associated with a metal piston. It skips over the original and uses new functions related to ceramic pistons. Different kinds of piston engines have different characteristics, but may have the same underlying functions associated with it (e.g., how many pistons in the engine, ignition sequences, and lubrication). To access each of these functions in any piston engine object, a programmer would call the same functions with the same names, but each type of piston engine may have different (e.g., overriding) implementations of functions behind the same name. This ability to hide different implementations of a function behind the same name is called polymorphism and it greatly simplifies communication among objects.
With the concepts of composition-relationship, encapsulation, inheritance, and polymorphism, an object can represent just about anything in the real world. In fact, our logical perception of the reality is perhaps the only theoretical limit on determining the kinds of things that can become objects in object-oriented software. Some typical categories are as follows:
Objects can represent physical objects, such as automobiles in a traffic-flow simulation, electrical components in a circuit-design program, countries in an economics model, or aircraft in an air-traffic-control system.
Objects can represent elements of the computer-user environment such as windows, menus, or graphics objects.
An object can represent an inventory such as a personnel file or a table of the latitudes and longitudes of cities.
An object can represent user-defined data types such as time, angles, and complex numbers, or points on the plane.
With this enormous capability of an object to represent just about any logically separable matters, OOP allows the software developer to design and implement a computer program that is a model of some aspects of reality, whether that reality is an article of manufacture, a machine (e.g., a system), a process, or a composition of matter.
Moreover, because the object can represent anything, the software developer can create an object that can be used as a component in a larger software project in the future. For example, if 90% of a new OOP software program consists of proven, existing components made from preexisting reusable objects, then only the remaining 10% of the new software project has to be written and tested from scratch. Because 90% already came from an inventory of extensively tested, reusable objects, the potential domain from which an error could originate is 10% of the program (assuming errors do not arise from integrating the new objects with the reusable objects). As a result, OOP enables software developers to build objects out of other, previously built, objects.
This process of manufacturing OOP technology closely resembles complex machinery being built out of assemblies and sub-assemblies. Therefore, OOP technology makes software engineering more like hardware engineering in that software is built from existing components, which are available to the developer as objects. All this adds up to an improved quality of the software as well as an increased speed of software development.
Programming languages are beginning to fully support the OOP principles, such as encapsulation, inheritance, polymorphism, and composition-relationship. With the advent of the well-known C++ language, many commercial software developers have embraced OOP. C++ is an OOP language that offers a fast, machine-executable code (i.e., after compilation of the C++ source code). Furthermore, C++ is suitable for both commercial-application projects and systems-programming projects. For now, C++ appears to be the most popular choice among many OOP programmers, but there is a host of other well-known OOP languages, such as Smalltalk, common lisp object system (CLOS), and Eiffel. Additionally, OOP capabilities are being added to more traditional, popular computer programming languages such as Pascal.
The benefits of object classes can be summarized, as follows:
Objects and their corresponding classes break down complex programming problems into many smaller, simpler problems.
Encapsulation enforces data abstraction through the organization of data into small, independent objects that can communicate with each other. Encapsulation protects the data in an object from accidental damage, but allows other objects to interact with that data by calling the object's member functions and structures.
Subclassing and inheritance make it possible to extend and modify objects through deriving new kinds of objects from the standard classes available in the system. Thus, new capabilities are created without having to start from scratch.
Polymorphism and multiple inheritance make it possible for different programmers to mix and match characteristics of many different classes and create specialized objects that can still work with related objects in predictable ways.
Class hierarchies and containment hierarchies provide a flexible mechanism for modeling real-world objects and the relationships among them.
Libraries of reusable classes are useful in many situations, but they also have some limitations. For example:
Complexity. In a complex system, the class hierarchies for related classes can become extremely confusing with many dozens or even hundreds of classes.
Flow of control. A program written with the aid of class libraries is still responsible for the flow of control (i.e., it must control the interactions among all the objects created from a particular library). The programmer has to decide which functions to call at what times for which kinds of objects.
Duplication of effort. Although class libraries allow programmers to use and reuse many small pieces of code, each programmer puts those pieces together in a different way. Two different programmers can use the same set of class libraries to write two programs that do exactly the same thing but whose internal structure (i.e., design) may be quite different, depending on hundreds of small decisions each programmer makes along the way. Inevitably, similar pieces of code end up doing similar things in slightly different ways and do not work as well together as they should.
Class libraries are very flexible. As programs grow more complex, more programmers are forced to reinvent basic solutions to basic problems over and over again. A relatively new extension of the class library concept is to have a framework of class libraries. This framework is more complex and consists of significant collections of collaborating classes that capture both the small scale patterns and major mechanisms that implement the common requirements and design in a specific application domain. They were first developed to free application programmers from the chores involved in displaying menus, windows, dialog boxes, and other standard graphical user interface elements for personal computers.
Frameworks also represent a change in the way programmers think about the interaction between the code they write and code written by others. In the early days of procedural programming, the programmer called libraries provided by the operating system to perform certain tasks, but basically the program executed down the page from start to finish, and the programmer was solely responsible for the flow of control. This was appropriate for printing out paychecks, calculating a mathematical table, or solving other problems with a program that executed in just one way.
The development of graphical user interfaces began to turn this procedural programming arrangement inside out. These interfaces allow the user, rather than program logic, to drive the program and decide when certain actions should be performed. Today, most personal computer software accomplishes this by means of an event loop which monitors the mouse, keyboard, and other sources of external events and calls the appropriate parts of the programmer's code according to actions that the user performs. The programmer no longer determines the order in which events occur. Instead, a program is divided into separate pieces that are called at unpredictable times and in an unpredictable order. By relinquishing control in this way to users, the developer creates a program that is much easier to use. Nevertheless, individual pieces of the program written by the developer still call libraries provided by the operating system to accomplish certain tasks, and the programmer must still determine the flow of control within each piece after it is called by the event loop. Application code still "sits on top of" the system.
Even event loop programs require programmers to write a lot of code that should not need to be written separately for every application. The concept of an application framework carries the event loop concept further. Instead of dealing with all the nuts and bolts of constructing basic menus, windows, and dialog boxes and then making these things all work together, programmers using application frameworks start with working application code and basic user interface elements in place. Subsequently, they build from there by replacing some of the generic capabilities of the framework with the specific capabilities of the intended application.
Application frameworks reduce the total amount of code that a programmer has to write from scratch. However, because the framework is really a generic application that displays windows, supports copy and paste, and so on, the programmer can also relinquish control to a greater degree than event loop programs permit. The framework code takes care of almost all event handling and flow of control, and the programmer's code is called only when the framework needs it (e.g., to create or manipulate a proprietary data structure).
A programmer writing a framework program not only relinquishes control to the user (as is also true for event loop programs), but also relinquishes the detailed flow of control within the program to the framework. This approach allows the creation of more complex systems that work together in interesting ways, as opposed to isolated programs, having custom code, being created over and over again for similar problems.
Thus, a framework basically is a collection of cooperating classes that make up a reusable design solution for a given problem domain. It typically includes objects that provide default behavior (e.g., for menus and windows), and programmers use it by inheriting some of that default behavior and overriding other behavior so that the framework calls application code at the appropriate times.
There are three main differences between frameworks and class libraries:
Behavior versus protocol. Class libraries are essentially collections of behaviors that you can call when you want those individual behaviors in your program. A framework, on the other hand, provides not only behavior but also the protocol or set of rules that govern the ways in which behaviors can be combined, including rules for what a programmer is supposed to provide versus what the framework provides.
Call versus override. With a class library, the programmer writes code that instantiates objects and calls their member functions. Its possible to instantiate and call objects in the same way with a framework (i.e., to treat the framework as a class library), but to take full advantage of a framework's reusable design, a programmer typically writes code that overrides and is called by the framework. The framework manages the flow of control among its objects. Writing a program involves dividing responsibilities among the various pieces of software that are called by the framework rather than specifying how the different pieces should work together.
Implementation versus design. With class libraries, programmers reuse only implementations, whereas with frameworks, they reuse design. A framework embodies the way a family of related programs or pieces of software work. It represents a generic design solution that can be adapted to a variety of specific problems in a given domain. For example, a single framework can embody the way a user interface works, even though two different user interfaces created with the same framework might solve quite different interface problems.
Thus, through the development of frameworks for solutions to various problems and programming tasks, significant reductions in the design and development effort for software can be achieved.
A preferred embodiment of the invention utilizes the well-known HyperText Markup Language (HTML) to implement documents on the Internet together with a general-purpose secure communication protocol for a transport medium between the client and the merchant. One skilled in the art readily recognizes that HTTP (HyperText Transfer Protocol) or other protocols could be readily substituted for HTML without undue experimentation. Information on these products is available in T. Berners-Lee, D. Connoly, "RFC 1866: Hypertext Markup Language--2.0" (November 1995), which is herein incorporated by reference in its entirety; and R. Fielding, H, Frystyk, T. Berners-Lee, J. Gettys, and J. C. Mogul, "Hypertext Transfer Protocol--HTTP/1.1: HTTP Working Group Internet Draft" (May 2, 1996), which is herein incorporated by reference in its entirety. HTML is a well-known data format used to create hypertext documents that are portable from one platform to another. HTML documents are Standard Generalized Markup Language (SGML) documents with generic semantics that are appropriate for representing information from a wide range of domains. HTML has been in use by the World-Wide Web (WWW) global information initiative since about 1990. HTML is an application of ISO Standard 8879:1986 Information Processing Text and Office Systems; Standard Generalized Markup Language (SGML).
To date, Web development tools have been limited in their ability to create dynamic Web applications which span from client to server and interoperate with existing computing resources. Until recently, HTML has been the dominant technology used in development of Web-based solutions. However, HTML has proven to be inadequate in the following areas:
Poor performance;
Restricted user interface capabilities;
Can only produce static Web pages;
Lack of interoperability with existing applications and data; and
Inability to scale.
Sun Microsystems, Inc.'s well-known Java.TM. programming language solves many of the client-side problems by:
Improving performance on the client side;
Enabling the creation of dynamic, real-time Web applications; and
Providing the ability to create a wide variety of user interface components.
With Java.TM., developers can create robust User Interface (UI) components. For example, custom "widgets" (e.g., real-time stock tickers and animated icons) can be created and client-side performance is improved. Unlike HTML, Java.TM. supports the notion of client-side validation and offloading appropriate processing onto the client for improved performance. Accordingly, using Java.TM., dynamic, real-time Web pages can be created. Moreover, using the above-mentioned custom UI components, dynamic Web pages can also be created.
Sun Microsystems, Inc.'s Java.TM. programming language has emerged as an industry-recognized language for "programming the Internet." Sun defines Java.TM. as follows: a simple, object-oriented, distributed, interpreted, robust, secure, architecture-neutral, portable, high-performance, multi-threaded, dynamic, buzzword-compliant, general-purpose programming language. Java.TM. supports programming for the Internet in the form of platform-independent Java.TM. applets. Java.TM. applets are small, specialized applications that comply with Sun's Java.TM. Application Programming Interface (API) allowing developers to add "interactive content" to Web documents (e.g., simple animations, page adornments, and basic games). Applets execute within a Java.TM.-compatible browser (e.g., Netscape Navigator) by copying code from the server to client. From a language standpoint, a core feature set of Java.TM. is based on C++. Sun's Java.TM. literature states that Java.TM. is basically C++ with extensions from Objective C for more dynamic method resolution.
Another technology that provides functions similar to Java.TM. is provided by Microsoft and ActiveX Technologies to give developers and Web designers the wherewithal to build dynamic content for the Internet and personal computers. ActiveX includes tools for developing animation, 3-D virtual reality, video, and other multimedia content. The tools use Internet standards, work on multiple platforms, and are being supported by over 100 companies. The group's building blocks are called ActiveX Controls, which are small, fast components that enable developers to embed parts of software in HTML pages. ActiveX Controls work with a variety of programming languages including Microsoft Visual C++, Borland Delphi, Microsoft Visual Basic programming system and, in the future, Microsoft's development tool for Java.TM., code-named "Jakarta." ActiveX Technologies also includes ActiveX Server Framework, allowing developers to create server applications. One of ordinary skill in the art readily recognizes that ActiveX or other technologies could be substituted for Java.TM. without undue experimentation to practice the invention.
FIG. 1B depicts an overview in accordance with a preferred embodiment. A customer computer system 120 is in communication with a merchant computer system 130. A customer-merchant session 150 operates under a general-purpose secure communication protocol such as the SSL protocol. Merchant computer system 130 is additionally in communication with a payment gateway computer system 140. Payment gateway computer system 140 is a system that provides electronic commerce services to support a financial institution such as a bank and that interfaces to the financial institution to support the authorization and capture of transactions. A customer-institution session 170 operates under a variant of a secure payment technology such as the SET protocol, as described herein, referred to as Merchant-Originated Secure Electronic Transactions ("MOSET"), as is more fully described herein.
CERTIFICATE PROCESSING
Merchants generally require a mechanism for verifying legitimate cardholders of valid, branded bankcard account numbers. A preferred embodiment utilizes technology to link a cardholder to a specific bankcard account number and reduce the incidence of fraud and thereby the overall cost of payment processing. Payment processing includes a mechanism that allows for cardholder confirmation that a merchant has a relationship with a financial institution allowing it to accept bankcard payments. Cardholders should also be provided with a way to identify merchants with whom they can securely conduct electronic commerce. Merchant authentication is ensured by the use of digital signatures and merchant certificates.
In a preferred embodiment, a holder of a payment instrument (cardholder) surfs (browses WWW sites) the WWW (Internet) for required items. This is typically accomplished by using a browser to view on-line catalog information on the merchant's WWW page. However, order numbers can also be selected from paper catalogs or a CD-ROM and entered manually into the system. This method allows a cardholder to select the items to be purchased either automatically or manually. Then, the cardholder is presented with an order form containing the list of items, their prices, and totals. The totals could include, for example, shipping, handling, and taxes. The order form is delivered electronically from the merchant's server or created on the cardholder's computer by electronic shopping software. An alternative embodiment supports a negotiation for goods by presenting frequent shopper identification and information about a competitor's prices.
Once the price of goods sold and the payment option(s) have been selected, the merchant submits a completed order and the payment instruction. The order and payment instructions are digitally signed by cardholders who possess certificates. The merchant then requests payment authorization from the cardholder's financial institution. Then, the merchant sends confirmation of the order and eventually ships the requested goods or performs the requested services. The merchant also requests payment from the cardholder's financial institution.
FIG. 1C is a block diagram of a payment processing system in accordance with a preferred embodiment. The Certificate Issuance 162 resides at a bank web site 182. It is utilized for issuing SET-complaint, X.500 certificates to consumers. The implementation of this system may vary from one bank to another. However, the system gathers a consumer's personal information, and after processing the information, the system issues a certificate along with a payment instrument to the consumer.
A Single Account Wallet 160 at bank web site 182 represents the MIME message that is created by the Certificate Issuance system. This MIME message contains a VeriFone wallet. The VeriFone wallet contains a single payment instrument and the certificate associated with it. For security reasons, the private key is not included in the wallet. The consumer has to specify a private key before using the instrument for payment. When the consumer is issued the certificate, this MIME message is sent to a browser, which resides at a consumer desktop 186. The browser launches a Certificate Installation application 174, 144, which is defined as a helper application in the browser. The Certificate Installation application 174, 144 reads the MIME message and installs a wallet into a wallet database 158.
Various helper applications 188, 172, 174, 176 are provided to make the consumer's shopping experience easy and efficient. A Paywindow helper application 188 is utilized by the consumer to authorize the payment to the merchant, to administer their wallets, to review their previously completed payment transactions, and to perform housekeeping activities on the wallets. This application is defined as a `helper` application on the consumer's desktop. The browser launches this application when the merchant system sends a MIME message requesting payment.
PayWindow Setup Helper application 172 is used by the consumer to install helper applications and other modules from the web site onto the consumer desktop. When a consumer attempts to install an application for a first time, the consumer does not have a helper application on the desktop. Thus, the first time installation of an application requires a consumer to perform two steps. First, the user downloads the system package to their desktop, and then the user runs setup to decompress and install the system. Thereafter, whenever the consumer gets a new release of system software, the browser launches this helper application, which in turn installs the appropriate other system modules.
Certificate Installation Helper Application 174 is utilized to install a wallet that is issued by a bank. When the bank's certificate issuance web system sends the MIME message containing the VeriFone wallet, the browser launches this application. This application queries a consumer to determine if the payment instrument contained in the wallet is to be copied to an existing wallet or to be kept in the new wallet. This application then installs the payment instrument and the certificate into wallet database 158.
Certificate Issuance CGI scripts 162 and Single Account Wallet 160 at Bank Web Site 182 is processed as described in the native system. The Certificate Installation Applet of Bank Web Site 182 is utilized by the Certificate Issuance CGI scripts 162 system to deliver a consumer's certificate to the consumer's desktop.
CUSTOMER-TO-MERCHANT COMMUNICATION
FIG. 2 depicts a more detailed view of customer computer system 120 in communication with merchant system 130 using customer-merchant session 150 operating under the SSL protocol (as documented in Freier (cited and incorporated by reference above)) in accordance with a preferred embodiment. Customer computer system 120 initiates communication with merchant computer system 130 using any well-known access protocol (e.g., Transmission Control Protocol/Internet Protocol ("TCP/IP")). A description of TCP/IP is provided in Information Sciences Institute, "Transmission Control Protocol DARPA Internet Program Protocol Specification (RFC 793)" (September, 1981), which is herein incorporated by reference in its entirety, and Information Sciences Institute, "Internet Protocol DARPA Internet Program Protocol Specification (RFC 791)" (September, 1981), which is herein incorporated by reference in its entirety. In this implementation, customer computer system 120 acts as a client and merchant computer system 130 acts as a server.
Customer computer system 120 initiates communication by sending a "client hello" message 210 to merchant computer system 130. When a client first connects to a server it sends client hello message 210 as its first message. The client can also send client hello message 210 in response to a hello request on its own initiative in order to renegotiate the security parameters in an existing connection. Client hello message 210 includes a random structure, which is used later in the protocol. Specifically, the random structure includes the current time and date in standard UNIX 32-bit format according to the sender's internal clock and twenty-eight bytes of data generated by a secure random number generator. Client hello message 210 further includes a variable length session identifier. If not empty, the session identifier value identifies a session between the same client and server whose security parameters the client wishes to reuse. The session identifier may be from an earlier connection, the current connection, or another currently active connection. For example, it is useful to specify the current connection if the client only wishes to update the random structures and derived values of a connection, and it is useful to specify another currently active connection if the client wishes to establish several simultaneous independent secure connections to the same server without repeating the full handshake protocol. Client hello message 210 further includes an indicator of the cryptographic algorithms supported by the client in order of the client's preference (i.e., ordered according to client preference).
In response to client hello message 210, if merchant computer system 130 wishes to correspond with customer computer system 120, then it responds with a server hello message 215. If merchant computer system 130 does not wish to communicate with customer computer system 120, then it responds with a message, which is not shown, indicating refusal to communicate.
Server hello message 215 includes a random structure, which is used later in the protocol. The random structure in server hello message 215 is in the same format as, but has contents independent of, the random structure in client hello message 210. Specifically, the random structure includes the current time and date in standard UNIX 32-bit format according to the sender's internal clock and twenty-eight bytes of data generated by a secure random number generator. Server hello message 215 further includes a variable length session identifier. The session identifier value identifies a new or existing session between the same client and server. Server hello message 215 further includes an indicator of the cryptographic algorithms selected from among the algorithms specified by client hello message 210, which is utilized in further encrypted communications.
Optionally, merchant computer system 130 transmits a server certificate 220. If transmitted then, server certificate 220 enables customer computer system 120 to authenticate the identity of merchant computer system 130.
If merchant computer system 130 does not transmit server certificate 220, or if server certificate 220 is suitable only for authentication, then merchant computer system 130 optionally transmits a server key exchange message 225. Server key exchange message 225 identifies a key that can be used by customer computer system 120 to decrypt further messages sent by merchant computer system 130.
After transmitting server hello message 215, and optionally transmitting server certificate 220 or server key exchange message 225 or both, merchant computer system 130 transmits a server hello done message 230 and waits for a further response from customer computer system 120.
Customer computer system 120 optionally transmits a client certificate 240 to merchant computer system 130. If transmitted, then client certificate 240 enables merchant computer system 130 to authenticate the identity of customer computer system 120. Alternatively, customer computer system 120 may transmit a no-client-certificate alert 245 to indicate that the customer has not registered with any certification authority.
If customer computer system 120 does not transmit client certificate 240, or if client certificate 240 is suitable only for authentication, then customer computer system 120 optionally transmits a client key exchange message 250. Client key exchange message 250 identifies a key that may be used by merchant computer system 130 to decrypt further messages sent by customer computer system 120.
After optionally transmitting client certificate 240, and no-client-certificate alert 245 or client key exchange message 250 or both, customer computer system 120 transmits a finished message 260.
At this point, customer computer system 120 and merchant computer system 130 have performed the following operations:
1) negotiated an encryption scheme that can be commonly employed in further communications, and
2) communicated to each other a set of encryption keys that can be used to decrypt further communications between the two computer systems.
Customer computer system 120 and merchant computer system 130 can thereafter engage in secure communications 270 with less risk of interception by third parties.
Among the messages communicated by customer computer system 120 to merchant computer system 130 may be messages that specify goods or services to be ordered and payment information, such as a credit card number and related information, collectively referred to as "payment information," that can be used to pay for the goods or the services (or both) ordered. In order to obtain payment, the merchant supplies this information to the bank or other payment gateway responsible for the proffered payment method. This enables the merchant to perform payment authorization and payment capture.
Payment authorization is a process by which permission is granted by a payment gateway operating on behalf of a financial institution to authorize payment on behalf of the financial institution. In one embodiment, payment authorization is a process that assesses transaction risk, confirms that a given transaction does not raise the account holder's debt above the account's credit limit, and reserves the specified amount of credit; and payment capture is a process that triggers the movement of funds from the financial institution to the merchant's account after settlement of the account.
PAYMENT AUTHORIZATION
Merchants generally utilize point-of-sale (POS) products for credit and debit transactions on a daily basis. However, handling Internet transactions is destined to become a necessary function for every payment processing system. Today, merchants often transmit data received over the Internet inefficiently. Some fax the information or waste time keying data into a non-Internet system.
An embodiment in accordance with the present invention allows an acquirer processor to accept transactions from Internet storefronts (e.g., Web sites that offer goods or services or both for sale) without altering a current host environment. The system converts payment protocol messages and simultaneously manages transactions from a number of Internet merchant servers. As the number of transactions grows, the payment gateway can be cost-effectively and efficiently scaled to handle the increased business, and the payment gateway can be configured to work with specific business processes used by the acquirer. Thus, the payment gateway supports Internet processing utilizing payment processing operations.
Accordingly, the payment gateway provides support for configuring and installing the Internet payment capability utilizing existing host POS technology. The payment gateway also provides an intuitive Graphical User Interface (GUI) with support built-in to accommodate future payment instruments such as debit cards, electronic checks, electronic cash, and micropayments. The payment gateway implements secure transactions using the well-known RSA (Rivest Shamir Adleman) public-key cryptography system and the well-known MasterCard/Visa Secure Electronic Transaction (SET) protocol. The gateway also provides full functionality for merchant payment processing including authorization, capture, settlement, and reconciliation while providing monitor activity with reporting and tracking of transactions sent over the Internet. Finally, the payment gateway also implements Internet payment procedures that match current processor business models to ensure consistency for merchants.
FIG. 3 depicts an overview of the method of securely supplying payment information to a payment gateway in order to obtain payment authorization in accordance with a preferred embodiment. In function block 310, merchant computer system 130 generates a payment authorization request 315 and transmits it to payment gateway computer system 140. In function block 330, payment gateway system 140 processes payment authorization request 315, generates a payment authorization response 325, and transmits it to merchant computer system 130. In function block 320, merchant computer system 130 processes payment authorization response 325 and determines whether payment for the goods or the services (or both) sought to be obtained by the customer has been authorized.
PAYMENT AUTHORIZATION REQUEST GENERATION
FIG. 4 depicts the stages of generating and transmitting a payment authorization request in accordance with a preferred embodiment. FIGS. 5A through 5F depict views of the payment authorization request and its component parts in accordance with a preferred embodiment. In function block 410, merchant computer system 130 creates a basic authorization request 510. Basic authorization request 510 is a data area that includes information for determining whether a request should be granted or denied. Specifically, it includes such information as the party who is being charged, the amount to be charged, the account number of the account to be charged, and any additional data, such as passwords, needed to validate the charge. This information is either calculated based upon prior customer merchandise selection or provided by the customer over secure link 270 established in the customer-merchant general-purpose secure communication protocol session. FIG. 5A depicts basic authorization request 510 in accordance with a preferred embodiment.
In function block 420, merchant computer system 130 combines basic authorization request 510, a copy of its encryption public key certificate 515, and a copy of its signature public key certificate 520. Merchant computer system 130 calculates a digital signature 525 for the combined contents of a combined block 530 including basic authorization request 510, encryption public key certificate 515, and signature public key certificate 520, and appends it to the combination of the combined basic authorization request 510, encryption public key certificate 515, and signature public key certificate 520. Merchant computer system 130 calculates digital signature 525 by first calculating a "message digest" based upon the contents of the combined basic authorization request 510, encryption public key certificate 515, and signature public key certificate 520. A message digest is the fixed-length result that is generated when a variable length message is fed into a one-way hashing function. Message digests help verify that a message has not been altered because altering the message would change the digest. The message digest is then encrypted using merchant computer system's 130 digital signature private key, thus forming a digital signature. FIG. 5B depicts combined block 530 formed by function block 420 and including basic authorization request 510, encryption public key certificate 515, signature public key certificate 520, and digital signature 525, in accordance with a preferred embodiment.
In function block 430, merchant computer system 130 generates a random encryption key RK-0 540. Random encryption key RK-0 540 is a symmetric encryption key. A symmetric encryption key is a key characterized by the property that a message encrypted with a symmetric key can be decrypted with that same key, which is unlike an asymmetric key pair, such as a public-key/private-key key pair, in which a message encrypted with one key of the key pair may only be decrypted with the other key of the same key pair. FIG. 5C depicts random encryption key RK-0 540 in accordance with a preferred embodiment.
In function block 440, merchant computer system 130 encrypts combined block 530 using random encryption key RK-0 540 to form an encrypted combined block 550. FIG. 5D depicts encrypted combined block 550 in accordance with a preferred embodiment. The encryption state of encrypted combined block 550 is graphically shown by a random key lock 555, which indicates that encrypted combined block 550 is encrypted using random key RK-0 540.
In function block 450, merchant computer system 130 encrypts random key RK-0 540 using the public key of payment gateway system 140 to form an encrypted random key 560. FIG. 5E depicts encrypted random key 560 in accordance with a preferred embodiment. The encryption state of encrypted random key 560 is graphically shown by a payment gateway public key lock 565, which indicates that encrypted random key 560 is encrypted using the public key of payment gateway system 140.
In function block 460, merchant computer system 130 concatenates encrypted combined block 550 and encrypted random key 560 to form merchant authorization request 315. FIG. 5F depicts merchant authorization request 315 including encrypted combined block 550 and encrypted random key 560 in accordance with a preferred embodiment. In function block 470, merchant computer system 130 transmits merchant authorization request 315 to payment gateway system 140.
PAYMENT AUTHORIZATION REQUEST PROCESSING
FIGS. 6A and 6B depict the stages of processing a payment authorization request and generating and transmitting a payment authorization request response in accordance with a preferred embodiment. Function blocks 610 through 630 depict the stages of processing a payment authorization request, and function blocks 635 through 685 depict the stages of generating and transmitting a payment authorization request response.
In function block 610, payment gateway computer system 140 applies its private key to encrypted random key 560 contained within received merchant authorization request 315, thereby decrypting it and obtaining a cleartext version of random key RK-0 540. In function block 615, payment gateway computer system 140 applies random key RK-0 540 to encrypted combined block 550, thereby decrypting it and obtaining a cleartext version of combined block 530. Combined block 530 includes basic authorization request 510, a copy of merchant computer system's 130 encryption public key certificate 515, and a copy of merchant computer system's 130 signature public key certificate 520, as well as merchant digital signature 525.
In function block 620, payment gateway computer system 140 verifies merchant computer system's 130 encryption public key certificate 515 and merchant computer system's 130 signature public key certificate 520. Payment gateway computer system 140 performs this verification by making a call to the certification authorities associated with each certificate. If verification of either certificate fails, then payment gateway computer system 140 rejects the authorization request.
In function block 625, payment gateway computer system 140 validates merchant digital signature 525. Payment gateway computer system 140 performs this validation by calculating a message digest over the contents of the combined basic authorization request 510, encryption public key certificate 515, and signature public key certificate 520. Payment gateway computer system 140 then decrypts digital signature 525 to obtain a copy of the equivalent message digest calculated by merchant computer system 130 in function block 420. If the two message digests are equal, then the digital signature 525 is validated. If validation fails, then payment gateway computer system 140 rejects the authorization request.
In function block 630, payment gateway computer system 140 determines the financial institution for which authorization is required by inspection of basic authorization request 510. Payment gateway computer system 140 contacts the appropriate financial institution using a secure means (e.g., a direct-dial modem-to-modem connection or a proprietary internal network that is not accessible to third parties), and using prior art means, obtains a response indicating whether the requested payment is authorized.
PAYMENT AUTHORIZATION RESPONSE GENERATION
Function blocks 635 through 685 depict the stages of generating and transmitting a payment authorization request response. FIGS. 7A through 7J depict views of the payment authorization response and its component parts in accordance with a preferred embodiment.
In function block 635, payment gateway computer system 140 creates a basic authorization response 710. Basic authorization response 710 is a data area that includes information for determining whether a request was granted or denied. FIG. 7A depicts basic authorization response 710 in accordance with a preferred embodiment.
In function block 640, payment gateway computer system 140 combines basic authorization response 710 and a copy of its signature public key certificate 720. Payment gateway computer system 140 calculates a digital signature 725 for the combined contents of combined block 730 that includes basic authorization response 710 and signature public key certificate 720, and appends the signature to the combination of the combined basic authorization response 710 and signature public key certificate 720. Payment gateway computer system 140 calculates digital signature 725 by first calculating a message digest based on the contents of the combined basic authorization response 710 and signature public key certificate 720. The message digest is then encrypted using merchant computer system's 140 digital signature private key, thus forming a digital signature. FIG. 7B depicts combined block 730 formed in function block 640 and containing basic authorization response 710, the signature public key certificate 720, and digital signature 725 in accordance with a preferred embodiment.
In function block 645, payment gateway computer system 140 generates a first symmetric random encryption key RK-1 740. FIG. 7C depicts random encryption key RK-1 740 in accordance with a preferred embodiment.
In function block 650, payment gateway computer system 140 encrypts combined block 730 using random encryption key RK-1 740 to form an encrypted combined block 750. FIG. 7D depicts encrypted combined block 750 in accordance with a preferred embodiment. The encryption state of encrypted combined block 750 is graphically shown by a random key lock 755, which indicates that encrypted combined block 750 is encrypted using random encryption key RK-1 740.
In function block 655, payment gateway computer system 140 encrypts random encryption key RK-1 740 using the public key of merchant computer system 130 to form an encrypted random key RK-760. FIG. 7E depicts encrypted random key RK-1 760 in accordance with a preferred embodiment. The encryption state of encrypted random key RK-1 760 is graphically shown by a merchant public key lock 765, which indicates that encrypted random key RK-1 760 is encrypted using the merchant public key.
In function block 660, payment gateway computer system 140 generates a random capture token 770. Random capture token 770 is utilized in subsequent payment capture processing to associate the payment capture request with the payment authorization request being processed. FIG. 7F depicts random capture token 770 in accordance with a preferred embodiment.
In function block 665, payment gateway computer system 140 generates a second symmetric random encryption key RK-2 775. FIG. 7G depicts second random encryption key RK-2 775 in accordance with a preferred embodiment.
In function block 670, payment gateway computer system 140 encrypts capture token 770 using random encryption key RK-2 775 to form an encrypted capture token 780. FIG. 7H depicts encrypted capture token 780 in accordance with a preferred embodiment. The encryption state of encrypted capture token 780 is graphically shown by a random key lock 785, which indicates that encrypted capture token 780 is encrypted using random key RK-2 775.
In function block 675, payment gateway computer system 140 encrypts second random encryption key RK-2 775 using its own public key to form an encrypted random key RK-2 790 in accordance with a preferred embodiment. FIG. 7I depicts encrypted random key RK-2 790. The encryption state of encrypted random key 790 is graphically shown by a payment gateway public key lock 795, which indicates that encrypted random key 790 is encrypted using the payment gateway public key.
In function block 680, payment gateway computer system 140 concatenates encrypted combined block 750, encrypted random key RK-1 760, encrypted capture token 780, and encrypted random key RK-2 790 to form merchant authorization response 325. FIG. 7J depicts merchant authorization response 325 including encrypted combined block 750, encrypted random key RK-1 760, encrypted capture token 780, and encrypted random key RK-2 790 in accordance with a preferred embodiment. In function block 685, payment gateway computer system 140 transmits merchant authorization response 325 to merchant system 130.
PAYMENT AUTHORIZATION RESPONSE PROCESSING
FIG. 8 depicts the stages of processing a payment authorization response in accordance with a preferred embodiment. In function block 810, merchant computer system 130 applies its private key to encrypted random key RK-1 760 contained within received merchant authorization response 325, thereby decrypting it and obtaining a cleartext version of random key RK-1 740. In function block 820, merchant computer system 130 applies random key RK-1 740 to encrypted combined block 750, thereby decrypting it and obtaining a cleartext version of combined block 730. Combined block 730 includes basic authorization response 710, a copy of payment gateway computer system's 140 signature public key certificate 720, as well as payment gateway digital signature 725.
In function block 830, merchant computer system 130 verifies payment gateway computer system's 140 signature public key certificate 720. Merchant computer system 130 performs this verification by making a call to the certification authority associated with the certificate. If verification of the certificate fails, then merchant computer system 130 concludes that the authorization response is counterfeit and treats it as though the authorization request had been rejected.
In function block 840, merchant computer system 130 validates payment gateway digital signature 725. Merchant computer system 130 performs this validation by calculating a message digest over the contents of combined basic authorization request 710 and signature public key certificate 720. Merchant computer system 130 then decrypts digital signature 725 to obtain a copy of the equivalent message digest calculated by payment gateway computer system 140 in function block 640. If the two message digests are equal, then digital signature 725 is validated. If validation fails, then merchant computer system 130 concludes that the authorization response is counterfeit and treats it as though the authorization request had been rejected.
In function block 850, merchant computer system 130 stores encrypted capture token 780 and encrypted random key RK-2 790 for later use in payment capture.
In function block 860, merchant computer system 130 processes the customer purchase request in accordance with authorization response 710. If authorization response 710 indicates that payment is authorized, then merchant computer system 130 fills the requested order. If the authorization response indicates that payment is not authorized, or if merchant computer system 130 determined in function block 830 or function block 840 that the authorization response is counterfeit, then merchant computer system 130 indicates to the customer that the order cannot be filled.
PAYMENT CAPTURE
FIG. 9 depicts an overview of the method of securely supplying payment capture information to payment gateway computer system 140 in order to obtain payment capture in accordance with a preferred embodiment. In function block 910, merchant computer system 130 generates a merchant payment capture request 915 and transmits it to payment gateway computer system 140. In function block 930, payment gateway computer system 140 processes payment capture request 915, generates a payment capture response 925, and transmits it to merchant computer system 130. In function block 920, merchant computer system 130 processes payment capture response 925 and verifies that payment for the goods or the services (or both) sought to be obtained by the customer have been captured.
PAYMENT CAPTURE REQUEST GENERATION
FIG. 10 depicts the stages of generating and transmitting a payment capture request in accordance with a preferred embodiment. FIGS. 11A through 11F depict views of the payment capture request and its component parts in accordance with a preferred embodiment. In function block 1010, merchant computer system 130 creates a basic capture request 1110. Basic capture request 1110 is a data area that includes information needed by payment gateway computer system 140 to trigger a transfer of funds to the merchant operating merchant computer system 130. Specifically, basic capture request 1110 includes a capture request amount, a capture token, a date, summary information of the purchased items, and a Merchant ID (MID) for the particular merchant. FIG. 11A depicts basic capture request 1110 in accordance with a preferred embodiment.
In function block 1020, merchant computer system 130 combines basic capture request 1110, a copy of its encryption public key certificate 1115, and a copy of its signature public key certificate 1120. Merchant computer system 130 calculates a digital signature 1125 for the combined contents of the combined block 1130 including basic capture request 1110, encryption public key certificate 1115, and signature public key certificate 1120, and appends it to the combination of the combined basic capture request 1110, encryption public key certificate 1115, and signature public key certificate 1120. Merchant computer system 130 calculates digital signature 1125 by first calculating a message digest over the contents of the combined basic capture request 1110, encryption public key certificate 1115, and signature public key certificate 1120. The message digest is then encrypted using merchant computer system's 130 digital signature private key, thus forming a digital signature. FIG. 11B depicts combined block 1130 formed by function block 1020 and including basic capture request 1110, encryption public key certificate 1115, signature public key certificate 1120, and digital signature 1125.
In function block 1030, merchant computer system 130 generates a random encryption key RK-3 1140. Random encryption key RK-3 1140 is a symmetric encryption key. FIG. 11C depicts random encryption key RK-3 1140 in accordance with a preferred embodiment.
In function block 1040, merchant computer system 130 encrypts combined block 1130 using random encryption key RK-3 1140 to form an encrypted combined block 1150. FIG. 11D depicts encrypted combined block 1150 in accordance with a preferred embodiment. The encryption state of encrypted combined block 1150 is graphically shown by a random key lock 1155, which indicates that encrypted combined block 1150 is encrypted using random key RK-3 1140.
In function block 1050, merchant computer system 130 encrypts random encryption key RK-3 1140 using the public key of payment gateway computer system 140 to form an encrypted random key 1160. FIG. 11E depicts encrypted random key 1160 in accordance with a preferred embodiment. The encryption state of encrypted random key 1160 is graphically shown by a payment gateway public key lock 1165, which indicates that encrypted random key RK-3 1160 is encrypted using the payment gateway public key.
In function block 1060, merchant computer system 130 concatenates encrypted combined block 1150, encrypted random key 1160, and encrypted capture token 780 and encrypted random key RK-2 790 that were stored in function block 850 to form merchant capture request 915. FIG. 11F depicts merchant capture request 915, including encrypted combined block 1150, encrypted random key 1160, encrypted capture token 780, and encrypted random key RK-2 790 in accordance with a preferred embodiment. In function block 1070, merchant computer system 130 transmits merchant capture request 915 to payment gateway computer system 140.
PAYMENT CAPTURE REQUEST PROCESSING
FIGS. 12A and 12B depict the stages of processing a payment capture request and generating and transmitting a payment capture request response in accordance with a preferred embodiment. Function blocks 1210 through 1245 depict the stages of processing a payment capture request, and function blocks 1250 through 1285 depict the stages of generating and transmitting a payment capture request response.
In function block 1210, payment gateway computer system 140 applies its private key to encrypted random key 1160 contained within received merchant capture request 915, thereby decrypting it and obtaining a cleartext version of random key RK-3 1140.
In function block 1215, payment gateway computer system 140 applies random key RK-3 1140 to encrypted combined block 1150, thereby decrypting it and obtaining a cleartext version of combined block 1130. Combined block 1130 includes basic capture request 1110, a copy of merchant computer system's 130 encryption public key certificate 1115, a copy of merchant computer system's 130 signature public key certificate 1120, and merchant digital signature 1125.
In function block 1220, payment gateway computer system 140 verifies merchant computer system's 130 encryption public key certificate 1115 and merchant computer system's 130 signature public key certificate 1120. Payment gateway computer system 140 performs this verification by making a call to the certification authorities associated with each certificate. If verification of either certificate fails, then payment gateway computer system 140 rejects the capture request.
In function block 1225, payment gateway computer system 140 validates merchant digital signature 1125. Payment gateway computer system 140 performs this validation by calculating a message digest over the contents of the combined basic capture request 1110, encryption public key certificate 1115, and signature public key certificate 1120. Payment gateway computer system 140 then decrypts digital signature 1125 to obtain a copy of the equivalent message digest calculated by merchant computer system 130 in function block 1020. If the two message digests are equal, then digital signature 1125 is validated. If validation fails, then payment gateway computer system 140 rejects the capture request.
In function block 1230, payment gateway computer system 140 applies its private key to encrypted random key RK-2 790 contained within received merchant capture request 915, thereby decrypting it and obtaining a cleartext version of random key RK-2 775.
In function block 1235, payment gateway computer system 140 applies random key RK-2 775 to encrypted capture token 780, thereby decrypting it and obtaining a cleartext version of capture token 770.
In function block 1240, payment gateway computer system 140 verifies that a proper transaction is being transmitted between capture token 770 and capture request 1110. A capture token includes data that the gateway generates at the time of authorization. When the authorization is approved, the encrypted capture token is given to the merchant for storage. At the time of capture, the merchant returns the capture token to the gateway along with other information required for capture. Upon receipt of the capture token, the gateway compares a message made of the capture request data and the capture token data and transmits this information over a traditional credit/debit network. If an improperly formatted transaction is detected, then payment gateway computer system 140 rejects the capture request.
In function block 1245, payment gateway computer system 140 determines the financial institution for which capture is requested by inspection of basic capture request 1110. Payment gateway computer system 140 contacts the appropriate financial institution using a secure means (e.g., a direct-dial modem-to-modem connection or a proprietary internal network that is not accessible to third parties), and using prior art means, instructs a computer at the financial institution to perform the requested funds transfer after settlement.
PAYMENT CAPTURE RESPONSE GENERATION
Function blocks 1250 through 1285 depict the stages of generating and transmitting a payment capture request response. FIGS. 13A through 13F depict views of the payment capture response and its component parts in accordance with a preferred embodiment.
In function block 1250, payment gateway computer system 140 creates a basic capture response 1310. Basic capture response 1310 is a data area that includes information for indicating whether a capture request was granted or denied. FIG. 13A depicts basic capture response 1310 in accordance with a preferred embodiment.
In function block 1255, payment gateway computer system 140 combines basic capture response 1310 and a copy of its signature public key certificate 1320. Payment computer system 140 calculates a digital signature 1325 for the combined contents of combined block 1330 including basic capture response 1310 and signature public key certificate 1320, and appends digital signature 1325 to the combination of the combined basic capture response 1310 and signature public key certificate 1320. Payment gateway computer system 140 calculates digital signature 1325 by first calculating a message digest over the contents of the combined basic capture response 1310 and signature public key certificate 1320. The message digest is then encrypted using the merchant computer system's 140 digital signature private key, thus forming a digital signature. FIG. 13B depicts combined block 1330 formed by function block 1255 and including basic capture request 1310, signature public key certificate 1320, and digital signature 1325 in accordance with a preferred embodiment.
In function block 1260, payment gateway computer system 140 generates a symmetric random encryption key RK-4 1340. FIG. 13C depicts random encryption key RK-4 1340 in accordance with a preferred embodiment.
In function block 1270, payment gateway computer system 140 encrypts combined block 1330 using random encryption key RK-4 1340 to form an encrypted combined block 1350. FIG. 13D depicts encrypted combined block 1350 in accordance with a preferred embodiment. The encryption state of encrypted combined block 1350 is graphically shown by a random key lock 1355, which indicates that encrypted combined block 1350 is encrypted using random key RK-4 1340.
In function block 1275, payment gateway computer system 140 encrypts random encryption key RK-4 1340 using the public key of merchant computer system 130 to form an encrypted random key RK-4 1360. FIG. 13E depicts encrypted random key RK-4 1360 in accordance with a preferred embodiment. The encryption state of encrypted random key 1360 is graphically shown by a merchant public key lock 1365, which indicates that encrypted random key 1360 is encrypted using the merchant public key.
In function block 1280, payment gateway computer system 140 concatenates encrypted combined block 1350 and encrypted random key RK-4 1360 to form merchant capture response 925. FIG. 13F depicts merchant capture response 925 including encrypted combined block 1350 and encrypted random key RK-4 1360 in accordance with a preferred embodiment. In function block 1285, payment gateway computer system 140 transmits merchant capture response 925 to merchant system 130.
PAYMENT CAPTURE RESPONSE PROCESSING
FIG. 14 depicts the stages of processing a payment capture response in accordance with a preferred embodiment. In function block 1410, merchant computer system 130 applies its private key to encrypted random key RK-4 1360 contained within received merchant capture response 925, thereby decrypting it and obtaining a cleartext version of random key RK-4 1340.
In function block 1420, merchant computer system 130 applies random key RK-4 1340 to encrypted combined block 1350, thereby decrypting it and obtaining a cleartext version of combined block 1330. Combined block 1330 includes basic capture response 1310, a copy of payment gateway computer system's 140 signature public key certificate 1320, and payment gateway digital signature 1325.
In function block 1430, merchant computer system 130 verifies payment gateway computer system's 140 signature public key certificate 1320. Merchant computer system 130 performs this verification by making a call to the certification authority associated with the certificate. If verification of the certificate fails, then merchant computer system 130 concludes that the capture response is counterfeit and raises an error condition.
In function block 1440, merchant computer system 130 validates payment gateway digital signature 1325. Merchant computer system 130 performs this validation by calculating a message digest over the contents of the combined basic capture response 1310 and signature public key certificate 1320. Merchant computer system 130 then decrypts digital signature 1325 to obtain a copy of the equivalent message digest calculated by payment gateway computer system 140 in function block 1255. If the two message digests are equal, then digital signature 1325 is validated. If validation fails, then merchant computer system 130 concludes that the authorization response is counterfeit and raises an error condition.
In function block 1450, merchant computer system 130 stores basic capture response 1310 for later use by legacy system accounting programs (e.g., to perform reconciliation between the merchant operating merchant computer system 130 and the financial institution from whom payment was requested), thereby completing the transaction.
Accordingly, the system of the present invention permits immediate deployment of a secure payment technology architecture such as the SET architecture without first establishing a public-key encryption infrastructure for use by consumers. It thereby permits immediate use of SET-compliant transaction processing without the need for consumers to migrate to SET-compliant application software.
VIRTUAL POINT OF SALE DETAILS
A virtual Point of Sale (vPOS) Terminal Cartridge is described in accordance with a preferred embodiment. The vPOS Terminal Cartridge provides payment functionality similar to what a commercially available VeriFone POS terminal ("gray box") provides for a merchant today, but the vPOS allows a merchant to process payments securely using the Internet. It provides full payment is functionality for a variety of payment instruments.
PAYMENT FUNCTIONALITY
FIG. 15A illustrates a payment processing flow in accordance with a preferred embodiment. The payment functionality provided by the vPOS terminal is divided into two main categories: a "Consumer-Initiated" category 1500; and a "Merchant-Initiated" category 1510. Some payment transactions require communication with the acquirer bank through a gateway 1530. The normal flow of a transaction is via a vPOS Cartridge API 1512 to a vPOS C++ API 1514 into a payment protocol layer 1516, which is responsible for converting data into the appropriate format for transmission to gateway 1530 for additional processing and forwarding to existing host payment authorization systems. Host legacy format refers to an existing authorization system for credit card approval currently utilized with the VeriFone Point of Sale (POS) gray terminals. The output from payment protocol layer 1516 is transmitted to the authorization processing center via gateway 1530. These transactions are referred to as "Online Transactions" or "Host Payments." The transactions that can be done locally by the merchant without having to communicate with the acquirer bank are referred to as "Local Functions and Transactions." To support different types of payment instruments, the vPOS Terminal payment functionality is categorized as set forth below.
Host Payment Functionality: These transactions require communication with the final host, either immediately or at a later stage. For example, an Online Authorization-Only transaction, when initiated, communicates with the host immediately. However, an Off-line Authorization-Only transaction is locally authorized by the vPOS terminal without having to communicate with the host, but at a later stage this off-line authorization transaction is sent to the host. Within the Host Payment Functionality some transactions have an associated Payment Instrument, but others do not. These two kinds of transactions are:
Host Financial Payment Functionality: These transactions have a Payment Instrument (e.g., Credit Card, Debit Card, E-Cash, or E-Check) associated with them. An example of this transaction is the "Return" transaction, which is initiated upon returning merchandise to the merchant.
Host Administrative Payment Functionality: These transactions do not require a payment instrument and provide either administrative or inquiry functionality. Examples of these transactions are "Reconcile" or "Batch Close."
Local Functions and Transactions: These transactions do not require communication with the host at any stage and provide essential vPOS terminal administrative functionality. An example of this is the vPOS terminal configuration function, which is required to set up the vPOS terminal. Another example is the "vPOS Batch Review" function, which is required to review the different transactions in the vPOS Batch or the Transaction Log.
PAYMENT INSTRUMENTS
A preferred embodiment of a vPOS terminal supports various Payment Instruments. A consumer chooses a payment based on personal preferences. Some of the Payment Instruments supported include:
Credit Cards
Debit Cards
Electronic Cash
Electronic Checks
Micro-Payments (electronic coin)
Smart Cards
vPOS FUNCTIONALITY
In the block diagram shown in FIG. 15B, the vPOS provides an interface for transactions that are initiated both by the consumer and the merchant in accordance with a preferred embodiment. The merchant initiates a transaction from a Graphical User Interface (GUI) 1550 and all the transactions that are initiated by the consumer are routed by a Merchant WEB Server interface 1545.
An Authorization/Data Capture Module 1560 processes the requests originated by the merchant or the consumer and routes them to a Protocol Module 1565. Protocol Module 1565 is responsible for building a payment protocol request packet 1570 (e.g., an SSL-encapsulated ISO 8583 packet) before sending the request to a Gateway 1579. Gateway 1579 then awaits a response from Protocol Module 1565, and upon receiving the response, Gateway 1579 parses the data and provides unwrapped data to Authorization/Data Capture Module 1560. Authorization/Data Capture Module 1560 analyzes the response and updates a Transaction Log 1580. Transaction Log 1580 includes information concerning any successfully completed transactions and the accumulators or the transaction totals. The vPOS terminal creates and maintains Transaction Log 1580, and vPOS Configuration Data 1585 includes information that is used to configure. the behavior of the vPOS. The entire vPOS functionality is thread-safe and hence using the vPOS in a multi-threaded environment does not require any additional interfacing requirements.
PAYMENT FUNCTIONALITY
As discussed above, the different Payment Functionality provided by the vPOS terminal can be divided into two main categories such as "Merchant Initiated" and "Consumer Initiated." Some of these transactions require communication with the Gateway, and these transactions are referred to as "Online Transactions." Transactions that can be done locally to the merchant without having to communicate with the gateway are referred to as "Local Functions/Transactions." In order to provide support for many different types of Payment Instruments, the vPOS Payment Functionality has been categorized.
Host payment functionality and transactions require communication with the host either immediately or at a later stage. Each of the host financial payment transactions are in this category and require a Payment Instrument. These transactions can be initiated with different types of Payment Instruments, which the vPOS terminal supports in accordance with a preferred embodiment.
An authorization without capture transaction is used to validate the card holder's account number for a sale that needs to be performed at a later stage. The transaction does not confirm a sale's completion to the host, and there is no host data capture in this event. The vPOS captures this transaction record and later forwards it to the host to confirm the sale in a forced post transaction request. An authorization without capture transaction can be initiated both by the consumer and the merchant.
A forced post transaction confirms to a host computer that a completion of a sale has been accomplished and requests data capture of the transaction. The forced post transaction is used as a follow-up transaction after doing an authorization (Online or Offline) transaction. The forced post transaction can be initiated only by the merchant.
The authorization with post transaction is a combination of authorization without capture and forced post transactions. This transaction can be initiated both by the consumer and the merchant.
The offline post transaction is identical to the "authorization without capture" transaction, except that the transaction is locally captured by the vPOS without initiating communication with a host. A forced post operation is done as a follow-up operation of this transaction. This transaction can be initiated by both the consumer and the merchant.
The return transaction is used to credit the return amount electronically to the consumer's account when purchased merchandise is returned. The vPOS captures the return transaction record when the merchandise is returned, and this transaction can be initiated only by the merchant.
The void transaction cancels a previously completed draft capture transaction. The vPOS GUI provides an interface for retrieving a transaction record required to be voided from the batch and passes it to the Authorization/Data Capture module after confirmation. The batch record is updated to reflect the voided transaction after getting an approval from the Gateway. This transaction can be initiated only by the merchant.
The pre-authorization transaction is identical to the authorization without capture transaction, but the consumers' "open-to-buy" amount is reduced by the pre-authorization amount. An example of this type of transaction is the "check-in" transaction in a hotel environment. A check-in transaction sends a pre-authorization request to the host so that an amount required for the customers' stay in the hotel is reserved. The pre-authorization transaction is followed by a pre-authorization complete transaction. This transaction can be initiated both by the consumer and the merchant.
The pre-authorization complete transaction is done as a follow-up to the pre-authorization transaction. This transaction informs the host of the actual transaction amount. The pre-authorization complete transaction amount could be more or less than the pre-authorization amount. An example is the "check-out" transaction in a hotel environment. The check-out amount can be less than or more than the check-in amount. This transaction can only be initiated by a merchant.
The adjust transaction is initiated to make a correction to the amount of a previously completed transaction. The adjust transaction can be initiated only by the merchant.
The host administrative transactions do not require any payment instrument. The balance inquiry transaction is used for on-line inquiry into the balance of the merchant's account. The batch data or the configuration data is not affected by this transaction.
The reconciliation or close transaction is processed at the end of the day to start the settlement process for the transactions captured by the host for that particular vPOS.
The host log-on transaction is an administrative transaction that is used to synchronize the vPOS with the host at the start of the day and also initiate a fresh batch at the vPOS terminal.
The parameters download transaction is used to download the vPOS configuration information from the host and set-up the vPOS in the event of any change in the configuration data. A test transaction is used to detect the presence of a host and the status of a link from the vPOS to the host.
Local transactions or functions are initiated by a merchant and do not require communication with the Gateway. These transactions can only be initiated by a merchant. The totals or accumulators review is a local information inquiry function and is used to retrieve the local (merchant's) totals. The detail transaction or the batch review function is used to retrieve all the records from the transaction log or the batch. The clear batch function is used to start a fresh batch. This transaction is utilized to electronically reconcile the vPOS with the host and to manually reconcile the vPOS with the host. After completing the manual reconciliation processing, the merchant can initiate this transaction to start a fresh batch. The clear accumulator function is similar to the clear batch functionality and resets all vPOS terminal accumulators to zero. This function is required when the merchant is not able to reconcile the vPOS with the host electronically.
The vPOS unlock or start transaction is a local function used to start the vPOS at the start of the day. The vPOS lock or stop function is used to lock or stop the vPOS from accepting any transactions. The vPOS configuration setup function is used to setup the vPOS configuration data. The vPOS configuration data is divided into different tables, for example, the Card/Issuer Definition Table (CDT), the Host/Acquirer Definition Table (HDT), the Communications Parameters Table (CPT), and the Terminal Configuration Table (TCT). The following sections explain each of these configuration tables in detail in accordance with a preferred embodiment.
HOST DEFINITION TABLE (HDT)
This table contains information specific to the acquirer.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Terminal ANS(20) Terminal ID for this acquirer/host
Identifier
Merchant ANS(20) Merchant ID for this acquirer/host
Identifier
Current Batch
N(6) Batch Number for the batch
Number currently existing on the vPOS
Transaction
I(2) Reference Number for next
Number transaction in the vPOS transaction
log/batch (vPOS generated)
TPDU AN(10) Transport Protocol Data Unit -
Required for building the ISO 8583
packet.
STAN L(4) Systems Trace Number - Message
Number of the transaction to be
transmitted next for this acquirer.
NII N(3) Network International Identifier -
Required for building the ISO 8583
packet.
Host Name or
ANS(20) Name for identifying the host
Label (e.g., "AMEX-SIN"). This is only a
text string and is used for the
purpose of identifying the host.
No. of advice
I(2) No. of off-line transactions
messages (advice messages) that can be
piggy-backed at the end of an on-
line transaction. If set to zero
then piggy-backing is disabled.
______________________________________
The following fields specify whether Data Capture is required for a particular transaction for this acquirer.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Host Protocol
I(2) Host Protocol type (e.g., ISO 8583
Type or SET)
Host Protocol
I(2) Sub protocol type (e.g., AMEX-
Sub-Type ISO8583 or MOSET)
Auth Only DC
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Flag
Auth Capture DC
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Flag
Adjust DC Flag
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Refund DC Flag
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Cash Advance DC
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Flag
Cash Back DC
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Flag
Off-line Auth
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
DC Flag
Void DC Flag
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Pre-Auth DC
Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Flag
Pre-Auth Bit(1 bit)
1 = REQUIRED, 0 = NOT REQUIRED
Complete DC
Flag
______________________________________
CARD DEFINITION TABLE (CDT)
This table contains information that is specific to the card issuer.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Host Index I(2) Index into the HDT or the acquirer
that maps to this card issuer.
PAN Low Range
N(19) Low end of the PAN range
PAN High Range
N(19) High end of the PAN range.
Minimum PAN
I(2) The minimum number of digits in the
digits PAN for this acquirer.
Maximum PAN
I(2) The maximum number of digits in the
digits PAN for this acquirer.
Card Label ANS(20) Card Issuer Name for identification
(e.g., VISA).
______________________________________
The following fields specify whether a particular transaction is allowed for a card range.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Auth Only Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Auth Capture
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Adjust Allowed
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Refund Allowed
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Cash Advance
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Cash Back Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Off-line Auth
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Void Allowed
Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Pre-Auth Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Allowed
Pre-Auth Bit(1 bit)
1 = ALLOWED, 0 = NOT ALLOWED
Complete
Allowed
______________________________________
COMMUNICATION PARAMETER TABLE (CPT)
This table contains communications parameters information specific to an acquirer. The HDT and this table have a one-to-one mapping between them.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Primary Address
AN(100) Primary Host Address (e.g., Telephone
number, IP address)
Secondary AN(100) Secondary Host Address to be used if
Address the Primary Address is busy or not
available.
Tertiary AN(100) Tertiary Host Address.
Address
Response Time-
I(2) Time-out value (in seconds) before
out which the vPOS should receive a
response from the host.
______________________________________
TERMINAL CONFIGURATION TABLE (TCT)
This table contains information specific to a particular vPOS terminal.
______________________________________
Attributes/
Field Bytes Field Description/Comments
______________________________________
Merchant Name
ANS(100) Name of the merchant having the vPOS
terminal.
vPOS Lock Flag
Bit (1 bit)
1 = vPOS Locked, 0 = vPOS Unlocked
______________________________________
URL TABLE
The table below enumerates the URLs (Universal Resource Locators) corresponding to the transactions supported by the vPOS Terminal Cartridge in accordance with a preferred embodiment. Note that the GET method is allowed for all transactions; however, for transactions that either create or modify information on the merchant server, a GET request returns an HTML page from which the transaction is performed via a POST method.
______________________________________
Transaction
URL POST Access Control
______________________________________
HOST FINANCIAL PAYMENT FUNCTIONALITY
auth capture
/vPOSt/mi/authcaptu
allowed merchant
re/ login/password
auth capture
/vPOSt/ci/authcaptu
allowed no access control
re/
auth only
/vPOSt/mi/authonly/
allowed merchant
login/password
auth only
/vPOSt/ci/authonly/
allowed no access control
adjust /vPOSt/mi/adjust/
allowed merchant
login/password
forced post
/vPOSt/mi/forcedpos
allowed merchant
t/ login/password
offline auth
/vPOSt/mi/offlineau
allowed merchant
th/ login/password
offline auth
/vPOSt/ci/offlineau
allowed no access control
th/
pre auth /vPOSt/mi/preauth/
allowed merchant
login/password
pre auth comp
/vPOSt/mi/preauthco
allowed merchant
mp/ login/password
return /vPOSt/mi/return
allowed merchant
login/password
return /vPOSt/ci/return/
allowed no access control
void /vPOSt/mi/void/
allowed merchant
login/password
HOST ADMINSTRATIVE PAYMENT FUNCTIONALITY
balance /vPOSt/mi/bi/ not merchant
inquiry allowed login/password
host logon
/vPoSt/mi/hostlogon
allowed merchant
/ login/password
parameter
/vPOSt/mi/parameter
not merchant
download sdnld/ allowed login/password
reconcile
/vPOSt/mi/reconcile
allowed merchant
/ login/password
test host
/vPOSt/mi/testhost/
not merchant
allowed login/password
LOCAL FUNCTIONS & TRANSACTIONS
accum review
/vPOSt/mi/accum/rev
not merchant
iew/ allowed login/password
batch review
/vPOSt/mi/batch/rev
not merchant
iew/ allowed login/password
cdt review
/vPOSt/mi/cdt/revie
not merchant
w/ allowed login/password
cdt update
/vPOSt/mi/cdt/updat
allowed merchant
e/ login/password
cpt review
/vPOSt/mi/cpt/revie
not merchant
w allowed login/password
cpt update
/vPOSt/mi/cpt/updat
allowed merchant
login/password
clear accum
/vPOSt/accum/clear/
allowed merchant
login/password
clear batch
/vPOSt/mi/batch/cle
allowed merchant
ar/ login/password
hdt review
/vPOSt/mi/hdt/revie
not merchant
w/ allowed login/password
hdt update
/vPOSt/mi/hdt/updat
allowed merchant
e/ login/password
lock vPOS
/vPOSt/mi/lock/
allowed merchant
login/password
query txn
/vPOSt/ci/querytxn/
not no access control
allowed
query txn
/vPOst/mi/querytxn/
not merchant
allowed login/password
tct review
/vPOSt/mi/tct/revie
not merchant
w/ allowed login/password
tct update
/vPOSt/mi/tct/updat
allowed merchant
e/ login/password
unlock vPOS
/vPOSt/mi/unlock/
allowed merchant
login/password
______________________________________
URL DESCRIPTIONS
This section describes the GET and POST arguments that are associated with each transaction URL. It also describes the results from the GET and POST methods. For URLs that produce any kind of results, the following fields are present in the HTML document that is returned by the vPOS Terminal Cartridge:
______________________________________
txnDate Date of the transaction (mm/dd/yy or dd/mm/yy)
txnTime Time of the transaction (hh:mm:ss GMT or
hh:mm:ss local time)
merchantId Merchant ID of the merchant using the vPOS
terminal
terminalId vPOS Terminal Id
txnNum Transaction number of the given transaction
txnType Type of transaction
______________________________________
For URLs that deal with financial transactions, the following fields are present in the HTML document that is returned by the vPOS terminal cartridge:
______________________________________
txnAmount Transaction amount that is being, for
example, authorized, forced posted, or voided
poNumber Purchase order number
authIdentNum
Authorization ID number for the transaction
retRefNum Retrieval reference number for the given
transaction
piInfo Payment instrument information, which
generally varies for different payment
instruments. For example, in the case of
credit cards, the credit card number
(piAcctNumber) and expiration date
(piExpDate) are returned.
______________________________________
ACCUMULATE REVIEW
URL Functionality: This is a local information inquiry function that retrieves the local (merchant's) transaction totals (accumulators).
GET Arguments: None.
GET Results: Retrieves the transaction totals for the merchant.
Currently, the total is returned as an HTML document. The transaction totals currently returned are:
______________________________________
creditAmt Total Credit Amount since the last settlement
logged in the vPOS terminal
creditCnt Total Credit Count since the last settlement
logged in the vPOS terminal
debitAmt Total Debit Amount since the last settlement
logged in the vPOS terminal
debitCnt Total Debit Count since the last settlement
logged in the vPOS terminal
______________________________________
Note: Accum Review is a local function as opposed to Balance Inquiry, which is performed over the Internet with the host.
ADJUST
URL Functionality: Corrects the amount of a previously completed transaction.
GET Arguments: None
GET Results: Because the Adjust transaction modifies data on the merchant server, the POST method should be used. Using the GET method returns an HTML form that uses the POST method to perform the transaction.
______________________________________
POST Arguments:
______________________________________
pvsTxnNum Previous transaction number
txnAdjusted The adjusted transaction amount. Note that
Amount the original transaction amount is easily
retrievable from the previous transaction
number.
______________________________________
POST Results: On success, pvsTxnNum and txnAdjustedAmount are presented in the HTML document, in addition to the transaction fields described above.
AUTH CAPTURE
URL Functionality: This transaction is a combination of Auth Only (Authorization without capture) and Forced Post transactions.
GET Argu |
