US20100274683A1 - Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account - Google Patents

Abstract

A virtual payment system for paying for goods, services and content ordered over an internetwork comprising a commerce gateway component and a credit processing server component (53) is disclosed. Buyers and sellers becomes registered participants by applying for virtual payment buyer and seller accounts. Once an account is established, a digital certificate is stored on the registered participant's computer. A buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account. When the product is shipped, the seller notifies the commerce gateway component, which in turn notifies the credit processing server, which applies the charges to the buyer's virtual payment account. The buyer can settle the charges using a prepaid account, a credit account, or by using reward points earned through use of the virtual payment card. A buyer may create sub-accounts.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS
• This application is a division of U.S. patent application Ser. No. 11/182,589, filed Jul. 14, 2005, which is a division of U.S. patent application Ser. No. 10/663,443, filed Sep. 16, 2003 (now U.S. Pat. No. 7,249,097), which is a continuation of U.S. patent application Ser. No. 10/338,133, filed Jan. 6, 2003, which is a continuation of U.S. patent application Ser. No. 09/578,395, filed May 25, 2000, which is a continuation-in-part of U.S. patent application Ser. No. 09/370,949, filed Aug. 9, 1999, priority from the filing date of which is hereby claimed under 35 U.S.C. §120. U.S. patent application Ser. No. 09/370,949 also claims the benefit of provisional U.S. Patent Application No. 60/140,039, filed Jun. 18, 1999, the benefit of which is hereby claimed under 35 U.S.C. §119. All of said applications are expressly incorporated herein by reference.
FIELD OF THE INVENTION
• This invention generally relates to a method and apparatus for ordering goods, services and content from one or more other computers connected via common communications links and, more particularly, to a method and apparatus for ordering goods, services and content from computers connected to the Internet using a virtual payment account.
BACKGROUND OF THE INVENTION
• Communication networks are well known in the computer communications field. By definition, a network is a group of computers and associated devices that are connected by communications facilities or links. Network communications can be of a permanent nature, such as via cables, or can be of a temporary nature, such as connections made through telephone or radio links. Networks may vary in size, from a local area network (LAN) consisting of a few computers or workstations and related devices, to a wide area network (WAN), which interconnects computers and LANs that are geographically dispersed, to a remote access service (RAS), which interconnects remote computers via temporary communication links. An internetwork, in turn, is the joining of multiple computer networks, both similar and dissimilar, by means of gateways or routers that facilitate data transfer and conversion from various networks. A well-known abbreviation for the term internetwork is “Internet.” As currently understood, the capitalized term “Internet” refers to the collection of networks and routers that use the Transmission Control Protocol/Internet Protocol (TCP/IP) to communicate with one another.
• A representative section of the Internet40 is shown inFIG. 1 (Prior Art) in which a plurality of local area networks (LANs)44 and a wide area network (WAN)46 are interconnected byrouters42. Therouters42 are generally special purpose computers used to interface one LAN or WAN to another. Communication links within the LANs may be twisted wire pair, or coaxial cable, while communication links between networks may utilize 56 Kbps analog telephone lines, or 1 Mbps digital T-1 lines and/or 45 Mbps T-3 lines. Further, computers and other related electronic devices can be remotely connected to either theLANs44 or the WAN46 via a modem and temporary telephone link. Such computers andelectronic devices48 are shown inFIG. 1 as connected to one of theLANs44 by a dotted line. It will be appreciated that the Internet comprises a vast number of such interconnected networks, computers and routers and that only a small, representative section of the Internet40 is shown inFIG. 1.
• The Internet has recently seen explosive growth by virtue of its ability to link computers located throughout the world. As the Internet has grown, so has the World Wide Web (WWW). The WWW is a vast collection of interconnected or “hypertext” documents (also known as “Web pages”) written in HyperText Markup Language (HTML) that are electronically stored at “Web sites” throughout the Internet. A Web site is a server connected to the Internet that has mass storage facilities for storing hypertext documents and that runs administrative software for handling requests for those stored hypertext documents. A hypertext document normally includes a number of hyperlinks, i.e., highlighted portions of text that link the document to another hypertext document possibly stored at a Web site elsewhere on the Internet. Each hyperlink is associated with a Uniform Resource Locator (URL) that provides the exact location of the linked document on a server connected to the Internet. Thus, whenever a hypertext document is retrieved from any Web server, the document is considered to be retrieved from the WWW.
• A user is allowed to retrieve hypertext documents from the WWW, i.e., a user is allowed to “surf the Web,” via a Web browser. A Web browser, such as NETSCAPE NAVIGATOR® or MICROSOFT® Internet Explorer, is a software program implemented by a Web client, i.e., a user's computer, to provide a graphical user interface to the WWW. Upon request from the user via the Web browser, the Web client accesses and retrieves the desired hypertext document or Web page from the appropriate Web server using the URL for the document and a protocol known as HyperText Transfer Protocol (HTTP). HTTP is a higher-level protocol than TCP/IP and is designed specifically for the requirements of the WWW. It is used on top of TCP/IP to transfer hypertext documents between servers and clients.
• At the advent of the WWW, the information stored on the Internet was freely transferred back and forth between those parties interested in the information. However, the WWW is quickly becoming a channel of commercial activity, whereby a vast number of companies have developed their own Web sites for advertising and selling their goods and services. Commercial activity that takes place by means of connected computers is known as electronic commerce, or e-commerce, and can occur between a buyer and a seller through an on-line information service, the Internet, a bulletin board system (BBS), or between buyer and seller computers through electronic data interchange (EDI). A buyer (also referred to as a user, consumer, or purchaser in the context of e-commerce) may “visit the Web site” of a company or seller, i.e., retrieve the hypertext documents located on the Web server of a particular seller, and order any good or service that the seller has to offer. If that good or service is in the form of electronically stored information, such as a book, a video, a computer game, etc., the buyer may simply download the good or service from the company's Web site to his or her computer for immediate consumption and use. If the good or service is of a more tangible nature, such as an appliance or article of clothing ordered from an on-line catalog, a more conventional method of delivery, e.g., the postal service or a common carrier, is used.
• A common method of payment for e-commerce purchases is electronic credit, or e-credit. E-credit is a form of electronic commerce often involving credit card transactions carried out over the Internet. Traditional e-credit purchases are paid for by a major credit card, wherein the buyer is required to transmit his or her credit information, for example, an account number and expiration date, over the Internet to the company's Web site. Many buyers are concerned about the security and confidentiality of such electronic transmissions. Furthermore, many buyers do not have a major credit card with which to make such purchases. Alternative billing systems, such as providing credit information by facsimile or postal service, are much less convenient and often prove enough of a barrier to prohibit the sale altogether. Finally, the traditional methods of billing and payment do not adequately protect the seller or buyer from fraudulent purchases.
• Accordingly, a more effective method and apparatus for ordering and billing for goods, services and content over a network, and ultimately the Internet, is needed. The method and apparatus should protect the seller and buyer from fraudulent purchases. Additionally, the method and apparatus should provide an element of non-repudiation to all transactions. The method and apparatus should also prevent buyers with histories of nonpayment from purchasing additional goods, services and/or content. Finally, the method and apparatus should allow a buyer without a major credit card to purchase goods, services and content over the network.
SUMMARY OF THE INVENTION
• The present invention provides a computer program for ordering products from computers connected to the Internet, wherein the buyer is automatically billed for the ordered good, service or content based on a virtual payment account maintained by a commerce gateway.
• In accordance with other aspects of the present invention, a commerce gateway interfaces with a credit processing server to handle the monetary aspects involved in purchasing goods, services and/or content. The credit processing server interfaces with one or more financial institutions that physically handle the buyer's account. For example, a buyer can pay for purchases electronically by transferring funds from a bank account held by the buyer at a financial institution or by prepaying for the purchases by sending a check to the provider of the commerce gateway. Alternatively, reward points earned by using the virtual payment account can be applied towards purchases.
• In accordance with still other aspects of the present invention, the credit processing server or commerce gateway communicates with one or more identity bureaus in order to determine a buyer's identity before creating a virtual payment account.
• In accordance with still other aspects of the present invention, the credit processing server communicates with one or more credit bureaus in order to determine a credit limit for a buyer's virtual payment account.
• In accordance with yet other aspects of the present invention, a virtual payment account can have associated sub-accounts. A sub-account can have a credit limit that is less than the main account credit limit. A sub-account can limit the seller sites from which goods, services and/or content can be purchased.
• In accordance with further aspects of the present invention, purchases must be made by a registered buyer from a registered seller. Security is ensured via authentication of the parties to a transaction. Authentication can be performed by verification of a digital certificate, or a digital signature, or by alternate authentication methods.
BRIEF DESCRIPTION OF THE DRAWINGS
• The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:
• FIG. 1 (Prior Art) is a block diagram of a representative portion of the Internet;
• FIG. 2 is a pictorial diagram of a local area network (LAN) connected to the Internet which supplies goods, services and/or content ordered by a buyer using a computer located elsewhere on the Internet in accordance with the present invention;
• FIG. 3 is a block diagram of the several components of the buyer's computer shown inFIG. 2 that is used to order goods, services and/or content from the Internet in accordance with the present invention;
• FIG. 4 is a block diagram of the several components of a seller server shown inFIG. 2 that provides the ordered goods, services and/or content in accordance with the present invention;
• FIG. 5 is a block diagram of the several components of a commerce gateway shown inFIG. 2 that is used to interface between the Internet and a credit processing server in accordance with the present invention;
• FIG. 6 is a block diagram of the several components of a credit processing server shown inFIG. 2 that provides for the payment of the ordered goods, services and/or content in accordance with the present invention;
• FIG. 7 is a diagram illustrating the actions taken by a buyer's computer, the commerce gateway, the credit processing server, an identity bureau and a credit bureau to create a virtual payment account for a buyer;
• FIGS. 8A-8G are exemplary Web pages displayed on a buyer's computer when applying for a virtual payment account in accordance with the present invention;
• FIGS. 9A-9C are exemplary Web pages used by a buyer to customize the virtual payment account applied for in accordance with the present invention;
• FIGS. 10A-10C are exemplary Web pages displayed on a buyer's computer containing account statements and reports for a buyer's virtual payment account in accordance with the present invention;
• FIGS. 11A-11E are exemplary Web pages used by a buyer to purchase goods, services and/or content in accordance with the present invention;
• FIG. 12 is a flow diagram illustrating the logic used by the buyer's computer to order goods, services and/or content from the Internet using the Web browser;
• FIG. 13 is a flow diagram illustrating the logic used by a buyer authenticator of the buyer's computer to validate that the buyer is a registered virtual payment account participant;
• FIG. 14 is a flow diagram illustrating the logic used by an alternate buyer authenticator of the buyer's computer to validate that the buyer is a registered virtual payment account participant;
• FIG. 15 is a flow diagram illustrating the logic used by the buyer's computer to apply for a virtual payment account using the Web browser;
• FIG. 16 is a flow diagram illustrating the logic used by an enrollment server of the commerce gateway shown inFIG. 5 to establish a new buyer account in accordance with the present invention;
• FIG. 17 a flow diagram illustrating the logic used by an account identification container generator of the commerce gateway shown inFIG. 5 to generate an account identification for a given transaction;
• FIG. 18 is a flow diagram illustrating the logic used by a commerce engine of a seller computer shown inFIG. 4 to provide for the ordering, shipment and payment of goods, services and/or content over the Internet;
• FIG. 19 is a flow diagram illustrating the logic used by a commerce gateway adapter of the seller server shown inFIG. 4 to allow a commerce engine to communicate with a transaction server on the commerce gateway;
• FIG. 20 is a flow diagram illustrating the logic used by the transaction server of the commerce gateway shown inFIG. 5 to process an order for goods, services and/or content over the Internet using a virtual payment account;
• FIGS. 21 and 22 are flow diagrams illustrating the logic used by various sub-systems of the credit processing server shownFIG. 6 to provide for payment of goods, services and/or content ordered over the Internet using a virtual payment account;
• FIG. 23 is a diagram illustrating the actions taken by the buyer's computer, the seller server, and the commerce gateway to order goods, services and/or content using the virtual payment account;
• FIG. 24 is a flow diagram illustrating the logic used by the seller's computer to perform a settlement transaction, i.e., initiate transfer of funds;
• FIG. 25 is a flow diagram illustrating the logic used by the transaction server of the commerce gateway shown inFIG. 5 to process a settlement transaction;
• FIG. 26 is a flow diagram illustrating the logic used by the administrator's computer to initiate a refund to be applied to a virtual payment account in accordance with the present invention;
• FIG. 27 is a flow diagram illustrating the logic used by a commerce gateway to process a request for information from an identity bureau;
• FIG. 28 is an exemplary window of an e-mail computer program containing an alternate authentication message;
• FIG. 29 is an exemplary device showing an alternate authentication message;
• FIG. 30 is an exemplary Web page showing an alternate authentication dialog;
• FIGS. 31-41 are exemplary Web pages used by a seller to view transactions, status of payments and reports;
• FIG. 42 is a flow diagram illustrating the logic used to authenticate a seller and generate a report for seller.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
• As previously described and shown inFIG. 1, theInternet40 is a collection of local area networks (LANs)44, wide area networks (WANs)46,remote computers48 androuters42 that use the Transmission Control Protocol/Internet Protocol (TCP/IP) to communicate with each other. The World Wide Web (WWW), on the other hand, is a vast collection of interconnected, electronically stored information located on servers connected throughout theInternet40. Many companies are now selling goods, services, and access to their premium content over the Internet using the WWW. In accordance with the present invention, a buyer orders goods, services, and/or content (referred to interchangeably herein as “products”) over theInternet40 via a Web browser and is automatically billed for the purchase using his or her virtual payment account without transferring sensitive account information, such as account number and expiration date, over theInternet40. The virtual payment account allows a buyer to settle transactions of the virtual payment account using a prepaid or credit account. In one actual embodiment of the present invention, the virtual payment account uses bank electronic funds transfers, for example, using the Automated Clearing House (ACH) standard, which is maintained by the National Automated Clearing House Association (NACHA)—the standards group promoting electronic commerce standards. In another embodiment, the virtual payment account can be funded using a traditional paper check, with the buyer mailing a check, e.g., via the postal service, to the providers of the virtual payment account system. Alternatively, funds transfer services and electronic bill payment services, such as CHECKFREE®, may be used. Reward points earned through use of the virtual payment account can also be applied to the buyer's virtual payment account to pay for products.
• More specifically, as shown inFIG. 2, the buyer purchases goods, services, and/or premium content from aseller server51, i.e., a computer owned by the seller which sponsors or sells the product, by placing an order with the seller server from acomputer50 connected to theInternet40. The order is processed and confirmed by acommerce gateway52 connected to aLAN44 located elsewhere in theInternet40. Thecommerce gateway52 is also connected to acredit processing server53 via theLAN44. Thecredit processing server53 communicates with one ormore identity bureaus56 to verify the identity of the buyer. After verifying the identity of the buyer thecredit processing server53 communicates with one ormore credit bureaus58 in order to determine the credit worthiness of a buyer.
• In one actual embodiment of the present invention described herein, theidentity bureau56 is a server provided and maintained by an agency for verifying the identity of the buyer and thecredit bureau58 is a server provided and administrated by a credit agency for processing credit reports for buyers. Theidentity bureau56 andcredit bureau58 can be located on theLAN44 or elsewhere on theInternet40.
• In yet another embodiment, the credit processing server can establish a point-to-point connection with a remote identity bureau or credit bureau that is not connected to either theLAN44 nor theInternet40. It will be appreciated that other methods of communication between thecredit processing server53 andidentity bureau56 orcredit bureau58 may be used, for example, a secure Virtual Private Network (VPN) maintained and operated by the identity bureau or credit bureau exclusively for the purpose of identity checking or credit rating, respectively.
• Finally, in yet other embodiments, the identity and credit bureaus may not actually offer a server at all. Rather, a customer service representative for the identity or credit bureaus may process the identity or credit report and manually provide the report to an administrator of the present invention who manually enters the report to thecredit processing server53.
• Thecredit processing server53 also communicates with one or morefinancial institutions59 for the purpose of obtaining the buyer's payment, i.e., a transfer of funds for the purchase of products. As is the case with the identity andcredit bureaus58, thefinancial institutions59 may be other servers in electronic communication with thecredit processing server53, customer service representatives in more traditional communication with thecredit processing server53, or some combination thereof.
• Finally, in addition to thecommerce gateway52, theLAN44 includes anadministrative computer54 used to administer buyer and seller information and services provided by thecommerce gateway52 andcredit processing server53.
• In the exemplary embodiment of the present invention shown inFIG. 2, theLAN44 is insulated from theInternet40 by afirewall55 that tracks and controls the flow of all data passing through it. Thefirewall55 protects theLAN44 from malicious in-bound data traffic. TheLAN44 is a bus network interconnecting the various computers and servers. TheLAN44 shown inFIG. 2 can be formed of various coupling media such as glass or plastic fiberoptics cables, coaxial cables, twisted wire pair cables, ribbon cables, etc. In addition, one of ordinary skill in the art will appreciate that the coupling medium can also include a radio frequency coupling media or other intangible coupling media. Any computer system or number of computer systems, including but not limited to workstations, personal computers, laptop computers, personal data assistants, servers, remote computers, etc., that is equipped with the necessary interface hardware may be connected temporarily or permanently to theLAN44 and, thus, theInternet40. However, if temporarily connected via a telephone link to another device connected to theLAN44, the interface hardware of both theremote computer48 and the device to which it is connected must contain a modem.
• Also shown inFIG. 2 is anexemplary authentication device205 whose purpose will be described in more detail below. In one embodiment of the current invention, the authentication device may be a personal data assistant (PDA) with a wireless modem. However, those of ordinary skill in the art will appreciate that the authentication device may be a laptop computer, a cellular telephone, a pager or any device capable of receiving a remote message.
• Finally, those of ordinary skill in the art will recognize that while only onebuyer computer50, and oneseller server51 are depicted inFIG. 2, numerous buyer computers and seller servers equipped with the hardware and software components described below may be connected to theInternet40. It will also be appreciated that the term “buyer” used herein can be applied to any purchaser of goods and/or services and can be applied equally to an individual, non-commercial purchaser, a business or a commercial purchaser. In other words, the term “buyer” can apply to any purchaser and the term “seller” can apply to any vendor or merchant, be they on individual, non-commercial seller, a business or a commercial seller.
Relevant Buyer Computer, Seller Server, Commerce Gateway, and Credit Processing Server Components
• FIG. 3 depicts several of the important components of the buyer'scomputer50. Those of ordinary skill in the art will appreciate that the buyer'scomputer50 could be any computer used by the buyer to utilize the buyer's virtual payment account. Additionally, those of ordinary skill in the art will appreciate that the buyer'scomputer50 may include many more components then those shown inFIG. 3. However, it is not necessary that all of these generally conventional components be shown in order to disclose an illustrative embodiment for practicing the present invention. As shown inFIG. 3, the buyer's computer includes anetwork interface60 for connecting to aLAN44 orWAN46, or for connecting remotely to a LAN or WAN. Those of ordinary skill in the art will appreciate that thenetwork interface60 includes the necessary circuitry for such a connection, and is also constructed for use with the TCP/IP protocol, the particular network configuration of the LAN or WAN it is connecting to, and a particular type of coupling medium.
• The buyer'scomputer50 also includes aprocessing unit61, adisplay62, and amemory63. Thememory63 generally comprises a random access memory (RAM), a read-only memory (ROM) and a permanent mass storage device, such as a disk drive. Thememory63 stores the program code and data necessary for ordering and paying for a product over theInternet40 in accordance with the present invention. More specifically, thememory63 stores aWeb browser component64, such as NETSCAPE NAVIGATOR® or MICROSOFT® Internet Explorer, and abuyer authenticator component65 formed in accordance with the present invention for authenticating a buyer as a registered participant of the virtual payment system prior to performing any virtual payment account transactions. It will be appreciated that these components may be stored on a computer-readable medium and loaded intomemory63 of thebuyer computer50 using a drive mechanism associated with the computer-readable medium, such as a floppy or DVD/CD-ROM drive.
• As will be described in more detail below, the products ordered by the buyer are supplied by aseller server51, described next, following authorization from a remote server, i.e., acommerce gateway52 described later, located elsewhere on the Internet, e.g., onLAN44 illustrated inFIG. 2.FIG. 4 depicts several of the important components of theseller server51. Those of ordinary skill in the art will appreciate that theseller server51 includes many more components than those shown inFIG. 4. However, it is not necessary that all of these generally conventional components be shown in order to disclose an illustrative embodiment of practicing the present invention. As shown inFIG. 4, theseller server51 includes anetwork interface70 for connecting to aLAN44 orWAN46, or for connecting remotely to a LAN or WAN. Those of ordinary skill in the art will appreciate that thenetwork interface70 includes the necessary circuitry for such a connection, and is also constructed for use with the TCP/IP protocol, the particular network configuration of the LAN or WAN it is connecting to, and a particular type of coupling medium.
• Theseller server51 also includes aprocessing unit71, adisplay72, and amemory73. Thememory73 generally comprises a random access memory (RAM), read-only memory (ROM), and a permanent mass storage device, such as a hard disk drive, tape drive, optical drive, floppy disk drive, or combination thereof. In one actual embodiment of the present invention, the memory contains aproduct database74 that includes the electronically stored good or service ordered by the buyer. In other embodiments of the present invention, theproduct database74 stores the premium content ordered by the buyer, i.e., the hypertext documents or other electronically stored information considered of monetary value by the seller. In yet other embodiments of the present invention, the goods may be tangible goods not capable of being electronically stored, in which case the product database includes descriptive information of the products.
• Thememory73 also contains acommerce engine component75 for purchasing a product from a seller Web site. Thecommerce engine component75 may be an existing commerce engine, such as MICROSOFT® Site Server, which allows for the payment of products ordered over the Internet using a major credit card, e.g., VISA® or MASTERCARD®. A commercegateway adapter component76 is also provided to allow thecommerce engine component75 to interface with thecommerce gateway52. The commerce gateway adapter component uses and provides application programming interface (API) calls to interface with thecommerce engine75. Also included in memory is aseller authenticator component77 for verifying that the seller is an authorized or registered seller of the virtual payment system of the present invention. It will be appreciated that theproduct database74, thecommerce engine component75, the commercegateway adapter component76 and theseller authenticator component77 may be stored on a computer-readable medium and loaded intomemory73 of theseller server51 using a drive mechanism associated with the computer-readable medium, such as a floppy or CD-ROM drive. Finally,memory73 stores aWeb server component78 for handling requests for stored information received via the Internet and the WWW.
• FIG. 5 depicts several of the important components of thecommerce gateway52. Those of ordinary skill in the art will appreciate that thecommerce gateway52 includes many more components than those shown inFIG. 5. However, it is not necessary that all of these generally conventional components be shown in order to disclose an illustrative embodiment for practicing the present invention. As shown inFIG. 5, thecommerce gateway52 is connected to theLAN44 via anetwork interface80. Those of ordinary skill in the art will appreciate that thenetwork interface80 includes the necessary circuitry for connecting thecommerce gateway52 to theLAN44 and thefirewall55, and is constructed for use with the TCP/IP protocol, the particular network configuration of theLAN44, and the particular type of coupling medium.
• Thecommerce gateway52 also includes aprocessing unit81, adisplay82, and amemory83. Thememory83 generally comprises a random access memory (RAM), a read-only memory (ROM), and a permanent mass storage device, such as a hard disk drive, tape drive, optical drive, floppy disk drive, or combination thereof. Thememory83 stores the program code and data necessary for authorizing aseller server51 to supply products to buyers and obtaining payment for the products via acredit processing server53 in accordance with the present invention. More specifically, thememory83 stores atransaction server component84 formed in accordance with the present invention for authorizing a seller to supply the ordered product and obtaining payment for the ordered product from thecredit processing server53.Memory83 also contains anidentity bureau adapter79 formed in accordance with the present invention for verifying a buyer or seller's identity. Also stored inmemory83 is anenrollment server component89 formed in accordance with the present invention for determining the credit worthiness of an applicant. An account identificationcontainer generator component88 is also stored inmemory83 for determining an internal account identification. Areport server85 is also stored inmemory83 for processing request for reports and consolidating information for requested reports. Also stored in thememory83 is a credit processingserver adapter component86 for communicating with acredit processing server53 described below. It will be appreciated that thetransaction server component84, the credit processingserver adapter component86, the account identificationcontainer generator component88, and theenrollment server component89 may be stored on a computer-readable medium and loaded intomemory83 of thecommerce gateway52 using a drive mechanism associated with the computer-readable medium, such as floppy or CD-ROM drive. Thememory83 also stores aWeb server component87 for handling requests for stored information received via theInternet40 and the WWW.
• FIG. 6 depicts several of the important components of thecredit processing server53. Those of ordinary skill in the art will appreciate that thecredit processing server53 includes many more components than those shown inFIG. 6. However, it is not necessary that all of these generally conventional components be shown in order to disclose an illustrative embodiment for practicing the present invention. As shown inFIG. 6, thecredit processing server53 is connected to theLAN44 via anetwork interface90. Those of ordinary skill in the art will appreciate that thenetwork interface90 includes the necessary circuitry for connecting thecredit processing server53 to theLAN44 and thefirewall55, and is constructed for use with the TCP/IP protocol, the particular network configuration of theLAN44, and the particular type of coupling medium.
• Thecredit processing server53 also includes aprocessing unit91, adisplay92, and amemory93. Thememory93 generally comprises a random access memory (RAM), a read-only memory (ROM), and a permanent mass storage device, such as a hard disk drive, tape drive, optical drive, floppy disk drive, or combination thereof. Thememory93 stores the program code and data necessary for authorizing and securing payment for products purchased using a virtual payment account in accordance with the present invention. More specifically, thememory93 of the credit processing server stores credit processing sub-systems including: an account/billing sub-system94 for billing a buyer for products purchased using a virtual payment account; apayment processing sub-system95 for communicating with afinancial institution59 in order to process payments received for purchases made using a virtual payment account; and anaccount enrollment sub-system96 for determining the credit limit for an applicant as determined by information received from one ormore credit bureaus58.
• Also stored inmemory93 are anaccount database97 and afinancial database98 used to store data required for the account/billing sub-system94, thepayment processing sub-system95,identity bureau adapter99 and theaccount enrollment sub-system96 to perform their required functions. It will be appreciated that the account/billing sub-system94, thepayment processing sub-system95, theaccount enrollment sub-system96, theaccount database97,identity bureau adapter99, and thefinancial database98 may be stored on a computer-readable medium and loaded intomemory93 of the credit processing system using a drive mechanism associated with the computer-readable medium, such as floppy or DVD/CD-ROM drive. It will also be appreciated that the account/billing sub-system94, thepayment processing sub-system95, and theaccount enrollment sub-system96 can comprise, either in full or in part, existing, traditional credit card payment systems.
• FIGS. 3-6 depict important components of thebuyer computer50,seller server51,commerce gateway52 andcredit processing server53 shown inFIG. 2 of one embodiment of the present invention. It will be appreciated that many other implementations and variations are possible. For example, one or more of thecredit processing sub-systems94,95,96 could be included in thecommerce gateway52 instead of in thecredit processing server53. Alternatively, each of thecredit processing sub-systems94,95,96 of the credit processing server could be in a separate server. Further,additional commerce gateways52 andcredit processing servers53 may be located on theLAN44 or elsewhere on theInternet40.
Applying for a Virtual Payment Account
• Once a VPA is set up, the virtual payment system of the present invention is a closed system that provides buyers a secure method for purchasing products over the Internet. The closed system includes only a registered buyer'scomputer50, a registeredseller server51, the commerce gateway52 (administered by the provider of the virtual payment system), and the credit processing server53 (which can also be administered by the provider of the virtual payment system). Since the account information necessary for charging the buyer for the purchase is already in the possession of thecommerce gateway52 and thecredit processing server53, the closed system of the present invention allows registered buyers to purchase products from registered sellers without transferring sensitive account information to the sellers over the Internet. In order to become a member of the virtual payment system of the present invention, a buyer becomes a registered user by obtaining a virtual payment account.FIG. 7 illustrates the actions taken by the buyer'scomputer50, thecommerce gateway52, thecredit processing system53, and thecredit bureau58 to create a virtual payment account for a buyer. The interactions of the various components are illustrated and described in detail later for various transactions performed by the present invention with reference to the diagrams shown inFIGS. 12,27 and42. As shown inFIG. 7, the process of applying for a virtual payment account is initiated when a buyer requests100 an application form via the Internet using theWeb browser64 installed on the buyer'scomputer50. The buyer may apply for a virtual payment account directly from a virtual payment account Web site located at thecommerce gateway52 or indirectly from a registered seller site located at theseller server51. Once therequest100 for the application form is received by thecommerce gateway52, thecommerce gateway52 providesbuyer computer50 theapplication form102 so that the buyer can complete the form displayed in theWeb browser64 of thebuyer computer50.
• Upon completion of the application form, thebuyer computer50 submits the completedapplication form104 to thecommerce gateway52. Thecommerce gateway52 then submits theapplication data106 from the completed form to thecredit processing server53 for account and credit limit authorization. Thecredit processing server53 verifies the application data by requestingidentity information116 from anidentity bureau56. The identity bureau provides the requestedidentity information118 and if the provided identity information corresponds to the application data then thecredit processing server53requests credit information108 about the buyer from acredit bureau58. However, in one actual embodiment of the present invention, if the application data does not conform to the identity information from theidentity bureau56, then no virtual payment account is created and the application is forwarded to customer service for review for possible fraud detection. As noted above, in the actual embodiment of the present invention, theidentity bureau56 is a server provided and maintained by a agency for verifying identity and thecredit bureau58 is a server provided and administrated by a credit agency for processing credit reports. Hence, thecredit processing server53 requests the desired identity and credit information electronically, e.g., via appropriate database queries, etc., from theidentity bureau56 andcredit bureau58.
• Returning to the illustrated embodiment, thecredit bureau58 provides the requestedcredit information110 to thecredit processing server53 via the connection with thecredit processing server53. Thecredit processing server53 then evaluates the application, identity, and credit information by combining the identity information from the identity bureau and the credit information received from thecredit bureau58 with application data in order to determine acredit score111. If the score exceeds a certain threshold, a credit limit is set and the virtual payment account is created112. If the score falls below the threshold, a virtual payment account may still be created112, however, all purchases must be prepaid, and the account information is forwarded to a customer service representative for review for a possible later grant of credit.
• Once the virtual payment account is created, thecredit processing server53 returns the result of theevaluation113, e.g., approval/denial, prepaid account only, credit limit, etc., to thecommerce gateway52. The commerce gateway then requests120 that thebuyer authenticator65 on the buyer computer generate a public key encryptionkey pair122 comprising a secret key and a public key. Thebuyer authenticator65 then submits the public key to thecommerce gateway124. Thecommerce gateway52 digitally signs the public key to generate adigital certificate126. As will be appreciated by those of ordinary skill in the art, a digital certificate comprises a public key digitally signed by a trustworthy entity. Thecommerce gateway52 sends the digital certificate and anapplication result page114 to thebuyer computer50 for display via the buyer computer'sWeb browser64. Finally, the buyer computer stores thedigital certificate128 for use later with the virtual payment account.
• It will be appreciated that the digital certificate may be stored in thememory63 of thebuyer computer50 or on some form of device capable of interfacing with the buyer computer, such as, but not limited to, a secure token, smart card, or as an encrypted file on some other computer readable medium. It will be appreciated by those of ordinary skill in the art that the order of the operations inFIG. 7 may be altered without substantially affecting the operation of the present invention. For example, the buyer may be notified of the application results before generating the public key encryption pairs.
• FIGS. 8A-8G are exemplary Web pages provided to the buyer by theWeb browser64 of thebuyer computer50 in connection with applying for a virtual payment account as described above. Using theWeb page600 shown inFIG. 8A, the buyer selects the type of virtual payment account they desire to apply for, e.g., credit or prepaid, and submits the information by clicking “continue.” Next, theWeb pages605,610, and615 shown inFIGS. 8B-8D for the application form are displayed to the buyer via theWeb browser64. In one actual embodiment of the present invention, the buyer fills out the application form with the appropriate application data on-line. Alternatively, the buyer can request the application on a printed form and submit the printed form via facsimile or regular mail, in which case a customer service representative will enter the information into theaccount database97 of thecredit processing server53 via theadministrative user computer54. The application data includes information such as social security number and income that will be used to determine a credit limit for the buyer. Information entered by the buyer in the application form is also used for demographic purposes. For example, banner advertisements can be displayed via theWeb browser64 on thebuyer computer50 and can be targeted to the buyer based on demographic information, such as the buyer's age and geographic location.
• After the buyer completes the application form contained in the Web pages,605,610, and615 shown inFIGS. 8B-8D and the application is processed by thecredit processing server53, aWeb page620 as shown inFIG. 8E is transferred to and displayed by the buyer computer'sWeb browser64, which notifies the buyer of the results of the application process, i.e., account approval and details of his or her virtual payment account, including the account credit limit. Once the account approval is complete and the account accepted by the buyer, thecommerce gateway52 then transmits the buyer authenticator component65 (which, as described above, generates a public key encryption key pair) to the buyers computer for installation as shown inFIG. 8F.FIG. 8G shows anexemplary Web page630 that allows the buyer to activate their virtual payment account.
Customizing and Modifying a Virtual Payment Account
• Once a virtual payment account has been approved and a credit limit set as described above, the account can be customized by the buyer. Account information is then stored in theaccount database97 of thecredit processing server53.FIGS. 9A-9C illustrate an exemplary set of Web pages downloaded from thecommerce gateway52 and displayed by theWeb browser64 of the buyer'scomputer50 for customizing the buyer's virtual payment account.FIGS. 9A-9B illustrateWeb pages640 and645 for main account customization. As shown inFIG. 9A, the buyer may customize his or her virtual payment account contact information and preferences.FIG. 9B illustrates that the main account holder is able to configure access controls for their account and all sub-accounts as shown inWeb page645.
• As shown inFIG. 9C, the buyer may also customize sub-accounts for his or her own use, or for use by a business partner, spouse and/or children. As will be described in more detail below, the buyer may then impose his or her own spending limits on the sub-accounts. In one actual embodiment, reward points accrue in the main account so that the buyer can transfer the reward points to sub-accounts. It will be appreciated that in other embodiments, reward points could accrue to individual sub-accounts, if the buyer so desires. Reward or reward points can later be used, for example, to make a payment for a purchase, to receive seller discounts, to purchase frequent flyer miles, etc. It will be appreciated by those of ordinary skill in the art that reward points can be earned by the buyer and applied to his or her virtual payment account in a myriad of different ways.
• It will also be appreciated that a similar process is performed for a seller to become an authorized or registered seller. In one embodiment, a seller can apply to become a participant by completing an application form on-line. In another embodiment, a seller applies to become a participant of the system using a more traditional manual application procedure. In yet another embodiment, some combination of an on-line and manual process is used. It will be appreciated that if the seller application process is performed in whole or in part on-line, a Web browser component (not shown inFIG. 4) is used to display Web pages on the seller'scomputer display72. The seller forms a contract with the provider of thecommerce gateway52. In one exemplary embodiment, this contract includes terms such as the billing period and the fee that will be paid to the commerce gateway provider. Since a seller is selling a product to a buyer who has a virtual payment account, the seller will not have sub-accounts in the same sense that a buyer has sub-accounts. However, a seller selling different types of data can have different accounts. For example, a book store may have a general account and one or more restricted accounts, for example, the restricted accounts may prohibit sales of adult products to minors. This can be in the form of a rating system (e.g., G, PG, PG13, NC17, R, etc.). In a similar manner to the buyer application process, once a seller has been approved and the seller account customized, a digital certificate is installed on the seller'scomputer51 to identify the seller as a registered seller in the virtual payment system. The digital certificate is used in combination with a secret key generated by theseller server51 and a public key generated by the seller server and sent to thegateway52 to encrypt/decrypt messages for greater security.
• It will be appreciated, as described earlier, that a seller can apply for a “buyer” account. In other words, a seller can purchase products as the owner of a virtual payment account.
Digital Security
• The illustrated embodiment also allows a buyer to create a custom package of sub-accounts. As will be readily recognized by those of ordinary skill in the art, the buyer may be provided with any number, type or combination of sub-accounts depending on the desires of those providing and administrating the virtual payment system of the present invention.
• The buyer can add sub-accounts (e.g., supplemental users, young shoppers, etc.) via theWeb pages650 shown inFIG. 9C. Sub-accounts can be customized for young shoppers as shown inFIG. 9C, for example, by setting spending limits for the young shopper and identifying only those seller Web sites from which the young shopper can purchase products.
• As will be described in more detail below, once the virtual payment account has been authorized114 and customized, a digital certificate is transferred by thecommerce gateway52 and installed128 on thebuyer computer50. The digital certificate is then used in subsequent transactions as a unique credential to identify the buyer as a registered holder of a virtual payment account. In an actual embodiment of the present invention, a buyer or seller is identified as a registered user of the virtual payment system by thecommerce gateway52 verifying the commerce gateway's digital signature on the digital certificate associated with the buyer's virtual payment account
• It will be appreciated that several levels of security can be imposed on on-line transactions. Moving from the lowest level to the highest level, there can be: (1) no security restrictions imposed; (2) minimal security, such as account name and password verification; (3) intermediate security, such as a digital certificate or secret key; (4) high security, such as a transaction signed with a digital signature using the buyer's secret key; or (5) maximum security, such as a digital signature and additional access controls, such as an account number, a last purchase verification, smart cards, secure tokens, or some combination thereof. As will be described later, in the actual embodiment of the virtual payment system described herein, the term “digital certificate” is used to describe the authorization used; however, it will be appreciated that a higher level of security such as a digital signature, or a digital signature with additional access controls may be desired in order to ensure the highest level of security for all parties involved (i.e., the buyer, the seller, the commerce gateway, and the credit processing server) in virtual payment account transactions.
• In one exemplary embodiment of the security transaction, theseller server51 digitally signs a purchase offer with a certificate issued by thecommerce gateway52 and sends it to thebuyer computer50; thebuyer computer50 digitally signs the purchase offer with a certificate issued by thecommerce gateway52 and sends it back to theseller server51; theseller server51 then forwards the doubly signed purchase offer to thecommerce gateway52; thecommerce gateway52 verifies both signatures and if they are both valid and the transaction is permissible then signs the doubly signed offer and returns the resulting triply signed purchase offer to theseller server51; the seller server verifies the commerce gateway's52 signature, and if it is valid, then the purchase transaction is complete. In the aforementioned example, theseller server51 may notify thebuyer computer50 or they may not.
Ordering Products
• Once a buyer has created and customized his or her virtual payment account, he or she can immediately order products via the Internet if he or she was granted credit during the account application process. If, however, the buyer's virtual payment account is only a prepaid account, prepayment must be made before the buyer can order products. In an alternate embodiment, the buyer with only a prepaid account can order products, however, shipment of the product will be held until the prepaid account is sufficiently funded to cover the purchase. More specifically, this would allow any registered buyer to have a form of “digital layaway” and by ordering products directly from the Web site of any registered seller. It will be appreciated that in yet another embodiment, buyer and seller will use the same type of virtual payment accounts and that any buyer can therefore act as a seller and vice versa. Additionally, it will be appreciated that a seller can be an auction Web site, in which a buyer uses his or her virtual payment account to pay for the goods, services and/or content purchased from the auction Web site.
• In one actual embodiment of the present invention depicted inFIGS. 11A-11C, the buyer may “surf the Web” and visit a registered seller's Web site, such as “Virtual Store,”1100 using theWeb browser64. Once the buyer visits a registered seller's Web site, the buyer may order and pay for products offered from that Web site using his or her virtual payment account. More specifically, a buyer usingbuyer computer50 andWeb browser64 may retrieve theWeb page1100 shown inFIG. 11A from the seller Web site fictitiously known as “Virtual Store.” The buyer makes a selection of aparticular product1105 by manipulating a graphics cursor with a pointing device, such as a mouse above theselection1110 and “single-clicking.” It will be appreciated that other pages, for example, a query page in which the buyer requests products by a keyword, may be displayed. It will also be appreciated that theWeb page1100 shown inFIG. 11A is a simplified example. It is common for a seller site to allow a buyer to select multiple products and place them in a “shopping cart.” The buyer can then view the items in the cart and, if desired, remove items from the cart. Once the buyer has selected the desired items for purchase, the buyer indicates a desire to purchase the selected items, for example, by clicking an “OK” or a “Buy” button. In the simplified example shown inFIG. 11A, the buyer selects an item, such as the VirtualStore Personal Computer1105, and presses the “Order”button1110 to initiate the purchase transaction.
• After initiating the purchase transaction, theseller server51 provides theWeb browser64 of the buyer'scomputer50 with theWeb page1150 shown inFIG. 11B, which requestsshipping information1160, such as a street address, from the buyer. Additionally theWeb Page1150 includes various payment options, i.e., major credit cards, such as VISA® or MASTERCARD®, with electronic transmission of credit information. In accordance with the present invention, a virtual payment account option is also displayed as a payment option for registered sellers. After entering the shipping andpayment information1160 and selecting thevirtual payment option1155, the buyer can continue by clicking on the “Purchase”option1165. In an actual embodiment of the present invention thebuyer authenticator65 displays awindow1170 requesting the buyer to select their choice ofaccounts1172, along with an authenticatingpass phrase1175. After selecting an account and entering the correct pass phrase, the buyer clicks “Continue”1177 to proceed with the purchase. In response, theseller server51 calculates the total cost of the order, including tax and shipping and handling, and the buyer is presented with aconfirmation screen1180 as shown inFIG. 11C. After authorizing the purchase, the buyer may be presented with apayment confirmation screen1185 as shown inFIG. 11D. Additionally, the buyer may be presented with anorder confirmation screen1190 as shown inFIG. 11E.
• FIG. 12 illustrates the logic implemented by theWeb browser64 installed on thebuyer computer50 when the virtualpayment account option1155 is selected. The logic begins in ablock220 and proceeds to ablock222, where a secure connection between thebuyer computer50 andcommerce gateway52 is established. In an actual embodiment of the present invention, the Secure Socket Layer (SSL) protocol is used for establishing a secure connection. SSL uses public key encryption incorporated into a Web browser, such as NETSCAPE NAVIGATOR® Web browser and Netscape's commerce servers, to secure the information being transferred over the Internet. The logic then proceeds to ablock224 where abuyer authenticator component65 on thebuyer computer50 is executed. It will be appreciated that thebuyer authenticator component65 can also be included, in part or in whole, in theWeb browser64. Thebuyer authenticator component65 is shown in more detail inFIG. 13 and described next.
• Thebuyer authenticator65 determines whether a buyer is a registered holder of a virtual payment account or, put another way, a registered participant in the closed virtual payment system of the present invention. The logic ofFIG. 13 begins in ablock243 and proceeds to ablock244, where an authentication request and container are received from theWeb browser64. The container includes: transaction information, such as purchase detail; identification of the parties, such as a buyer identification which identifies the buyer, e.g., the digital certificate previously issued to the buyer when he or she created the virtual payment account as described above; and a seller identification, e.g., the digital certificate issued to the seller upon creation of a seller account; and context, such as transaction date and time. It will be appreciated that the container is initially empty, and data is then added to the container by various components. As stated earlier, embodiments of the invention implement thebuyer authenticator65 in theWeb browser64. In one actual embodiment, thebuyer authenticator65 is an applet operating from within theWeb browser64.
• Next, indecision block246, a test is made to determine if a digital certificate is installed on thebuyer computer50. The digital certificate may be stored in thebuyer computer50memory63 or one some other device associated with the buyer computer such as a secure token, a smart card or encrypted on some computer readable medium. It will be appreciated that other methods of digital identification can be used. If the digital certificate is installed, the digital certificate identification is inserted into the authentication container and the authentication request and container are returned to the Web browser inblocks248 and250. The container can be any one of a variety of data formats, for example, one embodiment of the present invention a proprietary protocol is used. In an actual embodiment of a present invention, a public key generated by the buyer's computer and signed by the commerce gateway (thereby forming a digital certificate) is also inserted into the container. The secret key is never transmitted anywhere in the virtual payment system of the present invention. The combination of the secret key and the digital certificate provides a heightened level of security to the buyer authentication process. A digital signature is generally a document that has been encrypted by the secret key of a public key pair. Only the public key of the same key pair will be able to decrypt the document to its original form. This is particularly useful in demonstrating that only the holder of the secret key is able to sign (encrypt) the document. In practical terms, signing a large document using public key cryptography can be very time consuming. Almost equally effective is creating a cryptographic message digest of the document and then encrypting the digest with the secret key. Therefore those of ordinary skill in the art will appreciate that anyone knowing the corresponding public key and the digest algorithm will be able to verify that the message was not altered and that it originated from the holder of the corresponding secret key. It will be appreciated that the digital certificate as used herein refers to an authentication identifier that is recognized by the provider of the virtual payment account that adheres to the provider's non-repudiation purchase policies.
• If, however, indecision block246 it is determined that a digital certificate is not installed on thebuyer computer50, the logic proceeds to adecision block252, where a test is made to determine if “certificate not present” processing should be performed. Certificate not present processing allows a buyer to manually enter identification information when a digital certificate is not present. The identification information can include information such as an e-mail address, a password, and personal information, for example, a mortgage payment amount. If the result ofdecision block252 is positive, the logic proceeds to an alternate authentication inblock254. The alternate authentication is shown in more detail inFIG. 14 and described next.
• The logic ofFIG. 14 begins at ablock1401 and proceeds to block1405, where the authorization options are displayed to the buyer. Next, it is determined in ablock1410 if the buyer requested an authorization code as the alternate authorization mechanism. If the buyer did choose to receive an authorization code, then theWeb browser64 on the buyer computer is sent an authorization code entry form in ablock1415 and the authorization code is sent to an authentication device in ablock1420.Exemplary authentication devices2800 or2900 are shown inFIGS. 28 and 29 respectively. After receiving the authorization code, the buyer enters the code in the authorization code entry form in ablock1425.
• If, however, atblock1405 the buyer decides not to request an authorization code, then fromblock1410 the logic flows to ablock1450 where an interactiveauthentication Web form3000 is sent to theWeb browser64 on the buyer'scomputer50. An exemplary interactiveauthentication Web form3000 is shown inFIG. 30. Next in ablock1455 the buyer completes the interactiveauthentication Web form3000.
• Next, the completed authorization entry form fromblock1425 or1455 is transmitted to thecommerce gateway52 in ablock1430. The logic then proceeds to ablock1435, where it is determined whether the authentication was successful. If the authentication was successful the logic ends at ablock1498 returning a successful authentication. If the authentication was unsuccessful the logic ends at ablock1499 returning an unsuccessful authentication.
• Returning toFIG. 13 the logic then moves to ablock256 where the information from the alternate authentication process is passed back through thebuyer authenticator65 and the logic ends atblock262. If there is no digital certificate installed (“No” in decision block246) and certificate not present processing is not going to be performed, for example, by a user selecting “cancel”3010 in the certificate not presentauthorization Web page3000 shown inFIG. 30 (or “No” in decision block252), the buyer likely does not have a virtual payment account. Accordingly, the logic ofFIG. 13 proceeds to adecision block258, where a test is made to determine if the buyer wishes to apply for a virtual payment account. If the buyer wishes to apply for a virtual payment account, the logic proceeds to ablock260, in which the buyer is allowed to apply for a virtual payment account as shown inFIG. 15 and described next. Otherwise, thebuyer authenticator65 returns an unsuccessful authorization message to theWeb browser64 in ablock261 and the logic ends inblock262.
• FIG. 15 illustrates the logic implemented by theWeb browser64 when a buyer applies for a virtual payment account. It will be appreciated that applying for a virtual payment account can be invoked by a buyer requesting an account directly from thecommerce gateway52 or by a buyer who is not registered attempting to order a product from a registered seller. In either case, the logic for applying for a virtual payment account via aWeb browser64 begins in ablock270 and proceeds to ablock272 where a request for an application form is received by theWeb browser64. Next in ablock273, the request for an application form is sent to theWeb server component87 of thecommerce gateway52. The requested application form is then received from theWeb server component87 of thecommerce gateway52 and displayed in the buyer's Web browser in ablock274.
• Next, in ablock275, the completed account application form is sent to thecommerce gateway52 and processed by anenrollment server component89 as shown inFIG. 16, and described next. In another embodiment, the account application is sent to thetransaction server component84 that handles financial transactions and also handles non-financial transactions, such as enrollment.
• The logic of theenrollment server89 shown inFIG. 16 begins in ablock280 and proceeds to ablock282 where a completed application form is received from the Web browser. Next, in ablock283, identity information, such as name, employer, current residence, etc., is requested from anidentity bureau56 via theidentity bureau adapter79 whose logic is shown inFIG. 27 and described next.
• Accordingly, the logic ofFIG. 27 begins in ablock2705 and proceeds to ablock2710 where the identity request is received. The request is then formatted to be compatible with the particular identity bureau in ablock2715. Next, the logic proceeds to ablock2720, where the formatted request is then sent toidentity bureau56. The result of the request is received from the identity bureau in ablock2725. Next, in ablock2730, the result is then returned to requester. The logic ofFIG. 27 then ends in ablock2735.
• Returning toFIG. 16, if in ablock284, which in this case is theenrollment server89, it is determined that the identity information received from theidentity bureau56 via theidentity bureau adapter79 corresponds to the information in the application received inblock282, then processing continues to ablock285, where the enrollment server requests credit information, such as income, length of time with current employer, length of time at current residence, etc., from acredit bureau58 via the creditprocessing server adapter86 as shown inFIG. 21 and described later with reference to a purchase authorization request.
• Upon receipt of the credit information, the logic proceeds to ablock286, where the application is scored based on the identity bureau information and credit bureau information in combination with internal criteria. The internal criteria provide a score for the various pieces of credit information. For example, incomes will be broken down into ranges, with a point value assigned to each range. Similarly, point values will be assigned based on the time the applicant has lived at his or her current residence, etc. The points for each piece of credit information are combined to determine a score for the applicant. The score equates to the credit worthiness of the buyer and is used to determine if the applicant will receive a credit account or, if the score falls in an intermediate range, a prepaid account and, if so, to establish a credit limit for the applicant, i.e., buyer. Next, if the score is above a threshold logic ends with a successful enrollment result returned to the Web browser in ablock288. However if the score is below a certain threshold or if the identity information provided by theidentity bureaus56 does not correspond to that of the buyer's application, then an unsuccessful result is returned in ablock289. Processing then returns toFIG. 15.
• InFIG. 15, once a response is received from the enrollment server89 ablock265 examines whether an account was created. If it was, then a request is sent to thebuyer computer50 to generate a public key encryption pair inblock267 and to submit the public key to theenrollment server89 on thecommerce gateway52. The enrollment server then signs the public key to create a digital certificate and returns a successfulenrollment Web page620, as shown inFIG. 8E, which is received in ablock276 along with the digital certificate in ablock278. If atblock265 it was determined that an account was not created then an unsuccessful application Web page is displayed (not shown) at ablock266. In the case of applying for a virtual payment account, theresult page620 provides details of the new account for the buyer, or contains a message informing the buyer that there was an error creating the account. The logic ofFIG. 15 of applying for a virtual payment account then ends in ablock279 and processing returns toFIG. 13.
• Referring again toFIG. 13, after the buyer has applied for a virtual payment account, the logic returns to decision block246 where the test to determine if a digital certificate is installed on thebuyer computer50 is repeated. Depending on the results ofdecision block246, either blocks248-250 or blocks252-256 are repeated for the recent applicant of a virtual payment account. The logic then ends in ablock262.
• While the logic of authenticating a buyer as shown inFIG. 13 and described herein uses a digital certificate as the primary means for authenticating a buyer, it will be appreciated that other methods are possible. For example, a lesser level of security could be employed, whereby a user could be required to enter identifying information, such as the information entered in alternate authentication shown inFIG. 14. Alternatively, a greater degree of security could be employed whereby a digital certificate is required, and “certificate not present” processing is not allowed. Or, an even greater level of security could be used requiring a digital signature and other verifying information from the buyer.
• Returning toFIG. 12, after buyer authentication is completed inblock224, the logic proceeds to adecision block226, where a test is made to determine if the buyer authentication was successful. If not, the logic proceeds to ablock227, where an error message is displayed on thebuyer computer50 by theWeb browser64 notifying the buyer of the failed authentication. The logic ofFIG. 12 ends in ablock242.
• However, if the buyer was successfully authenticated, the logic proceeds to ablock228 where a virtual payment accountselection Web page1170 as shown inFIG. 11B is displayed. Included in the requested information of the virtual payment accountselection Web page1170 is an identification of the applicable account or sub-account to which the purchase should be applied. Next, in ablock230, sub-account and password information (used to unlock the buyer's digital certificate) are obtained from the buyer from the information entered in the virtual payment accountselection Web page1170 ofFIG. 11B when the buyer indicates that the information has been entered by selecting “Continue”1177. The logic ofFIG. 12 then proceeds to ablock232 where the sub-account, and an authentication container are sent to thecommerce gateway52 and processed by the accountidentification container generator88 shown inFIG. 17 and described next.
• The logic ofFIG. 17 begins in ablock800 and proceeds to ablock802, where the sub-account and authentication container are received fromWeb browser64 of thebuyer computer50. The logic then proceeds to ablock804 where an internal account identification associated with authentication container is determined. An empty account identification container is then created in ablock806. Next, in ablock808, internal account identification and sub-account information is added to the empty account identification container. The logic then proceeds to ablock810 where an internal digital signature is applied to the account identification container. For example, message digest logic can be used by applying an algorithm that takes a variable length message and produces a fixed length digest as output using a one-way hashing algorithm that establishes the message as cryptographically secure. Finally, the account identification container is returned to theWeb browser64 in ablock812. The logic ofFIG. 17 then ends at ablock814, and processing returns toFIG. 12.
• Returning toFIG. 12, after the sub-account and authentication container are sent to thecommerce gateway52, the logic then proceeds to ablock234 where the logic waits to receive the account identification container from the account identificationcontainer generator component88 of thecommerce gateway52. Once the account identification container is received from thecommerce gateway52, the logic proceeds to ablock238 where a purchase request is sent to thecommerce engine75 in the form of a request and account identification container for processing as shown inFIG. 18 and described next.
• Thecommerce engine75 is the component of theseller server51 that determines whether or not the order will be processed and whether the requested product will ultimately be provided to the buyer. It will be appreciated that commerce engines are well known in the art. Thecommerce engine component75 used in conjunction with the commercegateway adapter component76 allows the virtual payment system of the present invention to expand existing technology that is currently used for traditional credit systems to encompass the virtual payment account of the present system. It will be further appreciated that while the embodiment shown and described modifies the commerce engine to achieve this functionality (which may be possible through existing API calls of the commerce engine), other embodiments are possible. This expanded commerce engine functionality is shown inFIG. 18.
• The logic ofFIG. 18 begins in ablock300 and proceeds to ablock302 where a purchase request and account identification container are received from theWeb browser64 of thebuyer computer50. The logic then proceeds to adecision block304 where a test is made to determine whether the purchase request should be forwarded to thecommerce gateway adapter76. If the purchase request is to purchase products using a virtual payment account, the request should be forwarded to thecommerce gateway adapter76 for processing in accordance with the virtual payment system of the present invention. In another embodiment, only the request (without the account identification container) is received from the Web browser inblock302, and if it is determined indecision block304 that the purchase request should be forwarded to thecommerce gateway adapter76, the account identification is then obtained from theWeb browser64. In either case, if it is determined indecision block304, that the purchase request should be forwarded to thecommerce gateway adapter76, the logic proceeds to ablock306 where the request is forwarded to the commerce gateway adapter. Thecommerce gateway adapter76 is shown in more detail inFIG. 19 and described next.
• Thecommerce gateway adapter76 is a component residing on theseller server51 that allows the seller server to communicate directly with thetransaction server component84 of thecommerce gateway52 in order to expand the authorization function of thecommerce engine75 to include virtual payment account transactions. Accordingly, the logic ofFIG. 19 begins in ablock330 proceeds to ablock332 where the forwarded purchase request and account identification container are received from thecommerce engine75. Next, in ablock334 the purchase request and account identification container are sent to thetransaction server84 in the form of a transaction request for further processing as shown inFIG. 20 and described next.
• Thetransaction server component84 of thecommerce gateway52 is responsible for interfacing with the other components of the system and determining whether or not a requested transaction should be applied to a buyer's virtual payment account. The logic ofFIG. 20 begins in ablock350 and proceeds to ablock352, where the transaction request is received. Next, in ablock353 the account identification container is decoded and verified. The origin or source of the request as well as the context, i.e., date and time, of the request are then recorded inmemory83 of thecommerce gateway52 in ablock354. Next, the logic proceeds to adecision block356, where a test is made to determine whether the requested transaction is permissible. A variety of factors can be considered in making the determination of whether a requested transaction is permissible. For example, spending limit cannot be exceeded, and user-imposed limitations, such as those put on a young shopper account, e.g., sites from which the young shopper can make purchases and hours during which the young shopper can make purchases as shown inFIG. 9C, cannot be violated.
• If the transaction is not permissible, the logic proceeds to ablock357, where an impermissible transaction message is sent to the requester (e.g., thecommerce gateway adapter76 in the context of a purchase request). The logic ofFIG. 20 then ends in ablock376. If, however, the transaction is permissible, the logic proceeds fromdecision block356 to ablock360, where the transaction request is sent to a creditprocessing server adapter86 for further processing as shown inFIG. 21 and described next.
• The creditprocessing server adapter86 is the component residing on thecommerce gateway52 that allowscommerce gateway52 components, such as thetransaction server84 and theenrollment server89, to communicate directly with the various sub-systems of thecredit processing server53, which provide for the application of the requested transaction to the buyer's actual payment account. Accordingly, the logic ofFIG. 21 begins in ablock380 and proceeds to ablock382, where the request is received. For example, a purchase authorization request or a refund request is received from thetransaction server84, and a credit information request is received from theenrollment server89. The request is then formatted to be compatible with the appropriate credit processing sub-system, i.e., the account/billing sub-system94, thepayment processing sub-system95 and/or theaccount enrollment sub-system96, on thecredit processing server53 in ablock384. Next, the logic proceeds to ablock386, where the formatted request is then sent tocredit processing server53 for processing by the appropriate credit processing sub-system, as shown inFIG. 22 and described next.
• For any credit processing sub-system, the logic ofFIG. 22 begins in ablock390 and proceeds to ablock392, where the transaction request is received from the creditprocessing server adapter86. Next, account data and sub-account data are retrieved inblocks394 and396, respectively, from the appropriate database, e.g.,account database97 andfinancial database98. Standard credit transaction processing is then performed in ablock398. Examples of standard transactions for the account/billing sub-system94 include: creating and maintaining accounts, including holding account information and account holder information, such as name and address; calculating interest; calculating minimum monthly payments; generating electronic monthly statements; and calculating other charges, known as discounts. The discount is the portion of the transaction amount that will go to the provider of thecommerce gateway52, and can be determined on a fixed amount per transaction basis or a percentage of transaction amount basis. Examples of standard transactions for thepayment processing sub-system95 include: collecting payments from buyers and applying the payments to the buyer's account; transferring funds between sellers and buyer, for example by interfacing withfinancial institutions59 for ACH transactions. Examples of standard transactions for the account enrollment sub-system include: obtaining credit information from credit bureaus; providing the credit information to thecommerce gateway52 for scoring; determining a credit score based on the credit information and providing the score to the commerce gateway; and providing scoring information to the account/billing sub-system94 for account creation.
• The logic then proceeds to ablock399, where necessary account adjustments are applied, if applicable. For example, the account balance will be reduced by the amount of an authorized purchase transaction. In one embodiment of the present invention, reward points are accrued at the time of purchase, but committed later, for example during the periodic, e.g., monthly, statement preparation process. Alternatively, reward points may not accrue until payment is made for the product to which the points are attributed. Next, the transaction result, such as the credit information or the purchase authorization, is sent to the creditprocessing server adapter86 in ablock400. The logic ofFIG. 22 then ends in ablock402 and processing returns toFIG. 21.
• Returning toFIG. 21, the result of the transaction request is received from thecredit processing sub-system94,95 or96 in ablock387. Next, in ablock388, the result is then returned to requester, e.g., the result of a purchase authorization request is returned to thetransaction server84 and credit information, for example, a credit limit, is returned to theenrollment server89 in response to request for a credit information request to be used for establishing a buyer's account. The logic ofFIG. 21 then ends in ablock389 and processing returns to the requester, e.g., transaction server84 (FIG. 20) or enrollment server89 (FIG. 16).
• Returning toFIG. 20, once the transaction server receives the response to its transaction request, e.g., authorization result of a purchase request, from the credit processing adapter in ablock363, the logic proceeds to ablock364 where the transaction record, for example, purchase information including amount of purchase, is stored inmemory83 of thecommerce gateway52. The logic then proceeds to adecision block366, where a test is made to determine if the transaction was successfully processed. If so, the logic proceeds to ablock370, where a transaction response with a valid status is then sent to the requester (e.g., thecommerce gateway adapter76 or theWeb browser64, whichever the case may be). If the transaction was not successfully processed, the logic proceeds fromdecision block366 to ablock374, where a transaction response with an error status is then returned to the requester in ablock376.
• After avalid transaction response370, anerror transaction response374 or animpermissible transaction response357 is sent to the requester, the logic ofFIG. 20 ends inblock376 and processing returns to the requester. In the case of a purchase request, the requester is thecommerce gateway adapter76. In one exemplary embodiment, a record of all transactions is stored in thefinancial database98.
• Returning toFIG. 19, after the response to the purchase request made by thecommerce gateway adapter76 is received from the transaction server in ablock336, the logic proceeds to ablock338, where the response including the transaction status is formatted to be compatible with thecommerce engine75. The formatted response is then forwarded to the commerce engine in ablock340. The logic ofFIG. 19 then ends in ablock342 and processing returns to thecommerce engine75 inFIG. 18.
• Returning toFIG. 18, once a response is received by thecommerce engine75 from thecommerce gateway adapter86 in ablock308, the authorized and ordered product is shipped to the buyer in ablock310. It will be appreciated by those of ordinary skill in the art that if the ordered product is capable of being downloaded, e.g., the product is an electronically stored good, a URL for a premium content Web site, etc., the product will simply be transferred by theseller server51 to thebuyer computer50. Otherwise, the product will be shipped or provided by more traditional methods, e.g., regular mail, hand delivery, etc. Once shipment is complete, the logic then proceeds to ablock312 where a settlement request is sent to thecommerce gateway52 in order to initiate movement of funds. In an actual embodiment of the present invention, the seller submits the transaction into a settlement batch for payment when the settlement batch for that seller is next processed. The timing of the processing could be that night or at a later date based on the contract, i.e., terms of the purchase transaction.FIG. 41 illustrates anexemplary Web page4100 for designate when batches should be processed. Settlement transactions are described inFIG. 24 in more detail below with reference toFIG. 24.
• Returning toFIG. 18, in ablock314, a response confirming fulfillment of the order is sent to theWeb browser64 of the buyer'scomputer50. The logic ofFIG. 18 then ends in ablock324.
• However if atdecision block304, it is determined that the purchase request should not be forwarded to thecommerce gateway52; the logic proceeds to ablock316 where standard commerce engine processing is performed. More specifically, inblock316 traditional credit or debit card authorization is performed, such as approval or denial for the use of a credit card, e.g., VISA® or MASTERCARD®, for the specified purchase amount. Next, the authorized goods are shipped in ablock318. The logic then proceeds to ablock320, where a settlement request is sent to the traditional credit provider, e.g., VISA® or MASTERCARD®. A response confirming fulfillment of the order is then sent to theWeb browser64 of thebuyer computer50 in ablock322. The logic ofFIG. 18 then ends inblock324 and processing returns toFIG. 12.
• Returning toFIG. 12, once theWeb browser64 of thebuyer computer50 receives a response to its purchase request in ablock240, the logic proceeds to ablock241, where an orderconfirmation Web page1190 is displayed as shown inFIG. 11E. The logic ofFIG. 12 then ends inblock242.
• FIG. 23 is a diagram illustrating the actions taken by the buyer'scomputer50, theseller server51 and thecommerce gateway52 for ordering products using a virtual payment account system. This diagram presents a high-level view of the detailed processing shown in the flow charts described above. In response to an inquiry into purchasing aproduct2305, a seller returns apurchase offer2310 to the buyer'scomputer50. At this point, the buyer has the option of beginning the purchasing process as shown inFIG. 12. To continue thebuyer authenticator65 checks to see which credentials, e.g. certificates, are available to the buyer and selects all available credentials to be used by thecommerce gateway2315 to authenticate the buyer. Thebuyer computer50 then requests a list of all accounts or sub-accounts2320 for these credentials from thecommerce gateway52. Thecommerce gateway52 returns only those accounts that are usable by thebuyer2325 using the selected credentials. Thebuyer computer50 then generates apurchase confirmation2330 using one of the accounts on the list returned from thecommerce gateway52.Buyer computer50 then sends thepurchase confirmation2335 to theseller server51. Theseller server51requests authorization2340 from the commerce gateway to verify that the purchase confirmation is valid. The commerce gateway then returns anauthorization2350 that the purchase confirmation is valid. Theseller server51 may then notify2355 thebuyer computer50 that the purchase confirmation was authorized. The seller server then prepares the purchase fordelivery2360. At this point, the seller may request asettlement transaction2365 from thecommerce gateway52, which would then provide asettlement transaction2370 back to theseller server51. Theseller server51 may then notify2375 thebuyer computer50 of delivery details. Finally, the good(s) or service(s) that the buyer purchased are delivered2380.
• If the seller is an auction Web site, theauthorization2340 sent by thecommerce gateway52 to theseller server51 includes information such as a buyer account identification, a seller identification, a seller sale offering, a buyer authentication, a seller authentication, and a master identification, i.e., identification of thecommerce gateway52 provider. Particular to this type of response is an expiration date/time that is used to signal the shorter of the maximum times that the buyer and the seller are willing to “reserve” funds associated with this transaction. If the transaction, i.e.,settlement request2365, is not received by thecommerce gateway52 before the expiration date/time of the transaction, the products and/or funds will be released back to their owners. At a later time, once the buyer has committed to the purchase, the buyer releases an authorization to the provider of thecommerce gateway52 knowing that the seller has proven ability to ship the products on demand without delay. This initiates the actual settlement of funds and triggers payment to the seller in the next settlement batch, without any further interaction with the seller. This payment method supports buyer-initiated, pre-approved purchases with expiration date/time, such as auction and gift-certificate purchases.
• It will be appreciated thatFIG. 23 illustrates processing of a valid purchase transaction. If there is an error at any time during the processing, e.g., buyer is not authorized because he or she is not a registered buyer, has exceeded his or her spending limit, etc., processing will terminate after an appropriate error response has been returned to thebuyer computer50 for display to the buyer via theWeb browser64.
Settlement Transaction
• When a seller establishes a seller account, a contract is formed defining the relationship between the seller and the commerce gateway provider. That contract defines the terms, such as when payments will be funded and what fee shall be given to the commerce gateway provider. The commerce gateway fee can be a per transaction fee or a percentage fee based on the amount of a transaction. The logic for settlement transactions for a virtual payment account is similar to the logic used for processing standard credit card settlement transactions. After the seller ships the product, the seller sends a settlement transaction to thecommerce gateway52 as shown inFIG. 24. It will be appreciated that the logic performed by theseller server51 can be performed by thecommerce engine component75, or some other component, for example, a Web browser (not shown) residing on theseller server51.
• FIG. 24 illustrates the logic implemented byseller server51 when the seller wishes to perform a settlement transaction. The logic begins in ablock530 and proceeds to ablock532, where a secure connection between theseller computer51 andcommerce gateway52 is established using the same logic shown and described with reference to the buyer inblock222 ofFIG. 12. The logic then proceeds to ablock534 where the seller authenticator process is run. The seller authenticator process is similar to the buyer authenticator process shown inFIG. 13 and described above. Next, in adecision block536, a test is made to determine if the seller is a registered participant (i.e., seller's digital certificate was issued by the commerce gateway provider, seller's digital certificate has not expired and seller's digital certificate has not been revoked). If not, the logic proceeds to ablock538 where a seller authentication error message is displayed on theseller server display72, for example, via a Web browser. The logic ofFIG. 24 then ends in ablock548.
• If the seller authenticator process is successful, the logic proceeds fromdecision block536 to ablock544 where a settlement request is sent to thetransaction server84 on thecommerce gateway52. As shown and described inFIG. 25, thetransaction server84 forwards the request to the creditprocessing server adapter86, which in turn forwards the transaction request to the appropriate credit processing sub-system. In the case of a settlement transaction request, thepayment processing sub-system95 processes the transaction. The payment processing sub-system forwards the settlement request to thefinancial institution59. The financial institution funds the transactions into the commerce gateway provider's account. The commerce gateway provider takes its percentage and pays the sellers their portion. Thefinancial institution59 waits for their billing cycle, e.g., monthly, and then charges the buyers for their purchases plus interest charges. The financial institution waits for the buyer payments. If the buyer does not pay, standard late payment processing, such as late notices, finance charges, etc. is performed.
• The logic ofFIG. 25 begins in ablock2505 and proceeds to ablock2510, where the settlement request is received. The origin or source of the settlement request as well as the context, i.e., date and time, of the request are then recorded inmemory83 of thecommerce gateway52 in ablock2515. Next, the logic proceeds to adecision block2520, where a test is made to determine whether the requested settlement is permissible. A variety of factors can be considered in making the determination of whether a requested settlement is permissible. Some factors might include a settlement request for a transaction that did not have a purchase confirmation from a buyer, that had a purchase confirmation from a buyer whose account did not hold sufficient funds, for an auction settlement whose time had expired or whose credentials were no longer valid. It will be appreciated that yet other factors may cause a settlement transaction to be impermissible. If the transaction is not permissible, the logic proceeds to ablock2560, where an impermissible settlement request message is sent to the requester, i.e., the seller, in this case. If, however, the transaction is permissible, the logic proceeds fromdecision block2520 to ablock2525, where the transaction request is sent to a creditprocessing server adapter86 for further processing as shown inFIG. 21 and described above. Continuing inFIG. 20, once the transaction server receives the response to its transaction request, e.g., authorization result of a settlement request, from the credit processing adapter in ablock2530, the logic proceeds to ablock2535 where a transaction record, for example purchase information including amount of purchase, is stored inmemory83 of thecommerce gateway52. The logic then proceeds to adecision block2540, where a test is made to determine if the transaction was successfully processed. If so, the logic proceeds to ablock2545, where a transaction response with a valid status is then sent to the requester, i.e., the seller in this case. If the transaction was not successfully processed, the logic proceeds fromdecision block2540 to ablock2555, where a transaction response with an error status is then returned to the requester.
• After avalid transaction response2545, anerror transaction response2555, or animpermissible transaction response2560 is sent to the requester, the logic ofFIG. 25 ends inblock2550 and processing returns to the requester.
• Referring back toFIG. 24, after thetransaction server84 has processed the settlement transaction and provided the results of the settlement transaction to the seller'scomputer51, the result of the settlement transaction is displayed on the seller'sdisplay73, for example, via the seller server's Web browser. The logic ofFIG. 24 then ends inblock548.
Refund Transaction
• FIG. 26 illustrates the logic implemented by the present invention when a refund transaction is initiated, for example, when a buyer disputes a charge on his or her virtual payment account. As with any payment dispute, it must be determined whether the buyer will receive all or a portion of the disputed amount. This process is external to the virtual payment system of the present invention. The determination of whether the dispute has merit is determined by the seller. If the seller determines that the dispute has merit, the seller notifies a customer service representative and a refund transaction is initiated. In the embodiment shown inFIG. 26 and described herein, if it is determined that an amount disputed by a buyer is subject to a refund, a customer service representative initiates the refund, or chargeback transaction via theadministrative computer54 shown inFIG. 2. In one actual embodiment, the administrative computer is a “dumb terminal” by which the customer service representative enters information directly into thetransaction server84 on thecommerce gateway52. In another embodiment, the administrative computer may have a Web browser that allows the administrator to enter the information using Web pages available only on theLAN44 behind thefirewall55, i.e., the buyer and seller do not have access to these administrative Web pages.
• Referring toFIG. 26, the logic begins in ablock550 and proceeds to ablock552 where the refund information including account, sub-account and amount is obtained. The refund transaction information is then sent to thetransaction server84 by theadministrative computer54 in ablock554 in the form of a refund request.Transaction server84 processing is shown and described with reference toFIG. 20.
• As also noted above, in processing the refund request, thetransaction server84 will forward a transaction request to thecredit processing server53 for processing by the account/billing sub-system94 as shown inFIG. 22. A refund applied to a buyer's virtual payment account causes the buyer's balance to decrease by the amount of the payment. Still referring toFIG. 26, after thetransaction server84 has processed the refund transaction, the result of the transaction processing is received and displayed by theadministrative computer54. The logic ofFIG. 26 then ends in ablock558. Unlike the purchase transaction, the refund transaction is not initiated by the buyer via theWeb browser64; therefore, the buyer is notified by other means, for example by sending an e-mail message to the buyer'scomputer50. It will also be appreciated that in yet other embodiments of the present invention, theseller server51 may initiate the refund request as opposed to theadministrative computer54.
Buyer Account Management
• Other transactions normally associated with an account such as a standard credit card account are also applicable to the virtual payment account of the present invention.FIGS. 10A-10C illustrate some examples of Web pages used by a buyer with a virtual payment account. Processing of these transactions is similar to other transaction processing as illustrated in flow diagrams and described above, and therefore will not be discussed in further detail herein.FIG. 10A illustrates aWeb page660 containing details of aprimary account632 along withsub-accounts634.FIG. 10B illustrates anexemplary Web page665 summarizing the sub-accounts for amaster account634.FIG. 10C illustrates a transactionsummary Web page670 for the sub-accounts for a given master account.
Seller Reports
• It is often desirable for seller's to have detailed reports available to judge the current state of their business. Accordingly, the present invention maintains records of transactions in readily retrievable formats. It is also desirable that competitors not have access to the same reports on the details of a seller's business. Accordingly, the present invention provides for secure authenticated access to a seller's reports.FIG. 42 illustrates the logic for generating seller reports. The logic starts at ablock4201 and proceeds to ablock4210 that establishes a secure connection between theseller computer51 and thecommerce gateway52. The logic then proceeds to ablock4215 where the seller is authenticated much as the buyer authenticator illustrated inFIG. 13. The flow continues to ablock4220 where a test is performed to see if the seller has been authenticated. If the authentication was successful, the logic continues to ablock4225 where the seller requests thetransaction server84 to generate a report. At ablock4230 the transaction server retrieves relevant information and generates a report, which in ablock4235 is received by the seller computer for viewing by the seller. The logic ends in ablock4299.
• In one actual embodiment of the present invention, thecommerce gateway52 requests report information from thecredit processing server53, in particular from thefinancial database98 stored on the credit processing server. It will be appreciated by those of ordinary skill in the art that a financial database may be used to store information for report generation, yet may also store information relevant for other purposes.
• FIGS. 31,33,35,37, and39 illustrateexemplary Web pages3100,3300,3500,3700, and3900 illustrating exemplary reports available to a seller.FIG. 31 shows anexemplary Web page3100 with a graph charting the number of sales occurring each month during a year-long period.FIG. 33 shows anexemplary Web page3300 with a table indicating the status and information on particular orders received.FIG. 35 shows anexemplary Web page3500 with a table listing transactions that have already been processed for each order, and the result of that processing.FIG. 37 shows anexemplary Web page3700 with a table listing item sales and along with relevant statistics such as number of units sold, what percentage of units have been sold, and what percent of overall sales does that item account for.FIG. 39 shows anexemplary Web page3900 with a table listing transactions that have yet to be processed and are still wait for the next batch of transaction to be run.
• FIGS. 32,34,36,38, and40 illustrate exemplary Web page forms3200,3400,3600,3800, and4000 for customizing seller reports.
• While the preferred embodiment of the invention has been illustrated and described, it will be appreciated that various changes can be made therein without departing from the spirit and scope of the invention. For example, it will also be appreciated that there are other transactions applicable to a virtual payment account of the present invention, e.g., account closure, credit limit modification, overdue account notification, etc. It will be appreciated that these transactions can be initiated by various components of the system, for example a financial institution may institute a change in a credit limit by sending a request to one of the sub-systems on the credit processing server. One of ordinary skill in the art will recognize that the requests for such transactions are processed by the virtual payment system of the present invention in a manner similar to the processing of the purchase settlement, and refund transactions described in detail above.

Claims (23)

1. Computer-readable medium having executable components stored on a buyer computer, a seller computer, and a commerce gateway for purchasing a product from a seller computer using a virtual payment account associated with the buyer computer, wherein the executable components purchase the product by:

in response to receiving a purchase request from a buyer computer to purchase a product from a seller computer using a virtual payment account, the commerce gateway determining whether the buyer computer is associated with the virtual payment account and whether the virtual payment account is valid;

in response to the commerce gateway determining that the buyer computer is associated with the virtual payment account and that the virtual payment account is valid, the commerce gateway applying a cost of the product to the virtual payment account; and

the seller computer arranging to provide the product to a buyer associated with said buyer computer.

2. The computer-readable medium ofclaim 1, wherein determining whether the buyer computer is associated with the virtual payment account and whether the virtual payment account is valid comprises:

the buyer computer retrieving a digital certificate;

transmitting an authentication request including the digital certificate from the buyer computer to the commerce gateway;

determining whether the virtual payment account is valid;

determining whether the virtual payment account is associated with the buyer computer; and

transmitting an account identification container from the commerce gateway to the buyer computer in response to determining that the buyer computer is associated with the virtual payment account and that the virtual payment account is valid.

3. The computer-readable medium ofclaim 2, wherein the digital certificate is stored in the memory of the buyer computer.

4. The computer-readable medium ofclaim 2, wherein the digital certificate is stored in a secure token.

5. The computer-readable medium ofclaim 2, wherein applying a cost of the product to the virtual payment account comprises:

said seller computer receiving an account identification container;

said seller computer transmitting the account identification container and the cost of the product to the commerce gateway;

the commerce gateway determining whether the virtual payment account may be charged for the cost of the product; and

in response to the commerce gateway determining that the virtual payment account may be charged for the cost of said product, transmitting a valid transaction authorization from the commerce gateway to the seller computer.

6. The computer-readable medium ofclaim 5, wherein the digital certificate is stored in the memory of the buyer computer.

7. The computer-readable medium ofclaim 5, wherein the digital certificate is stored in a secure token.

8. The computer-readable medium ofclaim 5, wherein the executable components are also stored on a credit processing server and wherein the credit processing server determines whether the virtual payment account is associate with the buyer computer.

9. The computer-readable medium ofclaim 8, wherein the digital certificate is stored in the memory of the buyer computer.

10. The computer-readable medium ofclaim 8, wherein the digital certificate is stored in a secure token.

11. The computer-readable medium ofclaim 8, wherein applying a cost of the product to the virtual payment account comprises:

said seller computer receiving an account identification container;

said seller computer transmitting the account identification container and the cost of the product to the commerce gateway;

the commerce gateway determining whether the virtual payment account may be charged for the cost of the product; and

in response to the commerce gateway determining that the virtual payment account may be charged for the cost of said product, transmitting a valid transaction authorization from the commerce gateway to the seller computer.

12. The computer-readable medium ofclaim 11, wherein the digital certificate is stored in the memory of the buyer computer.

13. The computer-readable medium ofclaim 11, wherein the digital certificate is stored in a secure token.

14. The computer-readable medium ofclaim 8, wherein the credit processing server also determines whether the virtual payment account is valid.

15. The computer-readable medium ofclaim 14, wherein the digital certificate is stored in the memory of the buyer computer.

16. The computer-readable medium ofclaim 14, wherein the digital certificate is stored in a secure token.

17. The computer-readable medium ofclaim 14, wherein applying a cost of the product to the virtual payment account comprises:

said seller computer receiving an account identification container;

said seller computer transmitting the account identification container and the cost of the product to the commerce gateway;

the commerce gateway determining whether the virtual payment account may be charged for the cost of the product; and

in response to the commerce gateway determining that the virtual payment account may be charged for the cost of said product, transmitting a valid transaction authorization from the commerce gateway to the seller computer.

18. The computer-readable medium ofclaim 17, wherein the digital certificate is stored in the memory of the buyer computer.

19. The computer-readable medium ofclaim 17, wherein the digital certificate is stored in a secure token.

20. The computer-readable medium ofclaim 1, wherein determining whether the buyer computer is associated with the virtual payment account comprises:

transmitting an authentication request from the buyer computer to the commerce gateway;

sending an authentication message from the commerce gateway to a buyer authentication device;

retrieving the alternate authentication message;

verifying the alternate authentication message with the commerce gateway; and

in response to verifying the alternate authentication message, determining that the buyer computer is associated with the virtual payment account.

21. The computer-readable medium ofclaim 20, wherein applying a cost of the product to the virtual payment account comprises:

the seller computer receiving an account identification container;

the seller computer transmitting the account identification container and the cost of the product to the commerce gateway;

the commerce gateway determining whether the virtual payment account may be charged for the cost of the product; and

in response to the commerce gateway determining that the virtual payment account may be charged for the cost of said product, transmitting a valid transaction authorization from the commerce gateway to the seller computer.

22. The computer-readable medium ofclaim 1, wherein if the buyer computer cannot retrieve the digital certificate, determining whether the buyer computer is associated with the virtual payment account comprises:

transmitting an authentication request from the buyer computer to the commerce gateway;

sending an authentication message from the commerce gateway to a buyer authentication device;

retrieving the alternate authentication message;

verifying the alternate authentication message with the commerce gateway; and

in response to verifying the alternate authentication message, determining that the buyer computer is associated with the virtual payment account.

23. The computer-readable medium ofclaim 22, wherein applying a cost of the product to the virtual payment account comprises:

the seller computer receiving an account identification container;

the seller computer transmitting the account identification container and the cost of the product to the commerce gateway;

the commerce gateway determining whether the virtual payment account may be charged for the cost of the product; and

in response to the commerce gateway determining that the virtual payment account may be charged for the cost of said product, transmitting a valid transaction authorization from the commerce gateway to the seller computer.

Images