The present disclosure relates generally to electronic commerce, and, in particular, to enhancing security in electronic commerce transactions.
The Internet today comprises billions of computers, tablets and mobile devices connected to each other via a plurality of distributed interconnected networks over HTTP/HTTPS. These interconnected devices exchange information and perform electronic transactions through web services hosted on a server system. Web services are especially conducive to conducting electronic commerce, enabling vendors to sell physical and virtual goods. Conventionally, a server system provides an electronic catalog of products available for purchase, and a user of these web services who is a potential purchaser can browse through the catalog and purchase items.
Since purchaser-specific order information contains sensitive data, such as credit card numbers, both vendors and purchasers want to ensure the security of the information. Security is also a concern because information may pass through several interconnected computers on its way to its final destination. To help ensure the security of the information, various encryption techniques are used when transmitting information between systems. Nevertheless, there is always a possibility that sensitive information can be intercepted and decrypted by a hacker. Therefore, it is desirable to minimize the sensitive information transferred. Today, the number of transactions executed on mobile devices is growing exponentially, and it is becoming ever more important to reduce the steps of the process and the amount of information being transferred for each transaction. Not only is it cumbersome for a user to enter credit card information, mailing, and shipping addresses on his or her mobile device, but such information can also be intercepted right on the mobile device, such as by a rogue mobile application executing in the background or other malware.
In one embodiment, the present invention provides a computer-implemented electronic commerce transaction method. The method includes: (a) the computer receiving original image data from a user device; (b) the computer associating a security token with the user; (c) the computer embedding the security token into the original image data to generate modified image data; and (d) the computer providing the modified image data to the user device.
In another embodiment, the present invention provides a computer-implemented method for validating a user or user device. The method includes: (a) the computer receiving, from a user device, modified image data; (b) the computer extracting a security token from the modified image data; and (c) the computer validating at least one of the user and the user device.
In a further embodiment, the present invention provides a server including a processor adapted to: (a) receive original image data from a user device; (b) associate a security token with the user; (c) embed the security token into the original image data to generate modified image data; and (d) provide the modified image data to the user device.
In still a further embodiment, the present invention provides a server including a processor adapted to: (a) receive, from a user device, modified image data; (b) extract a security token from the modified image data; and (c) validate at least one of the user and the user device.
The present invention provides a method and a system for facilitating an electronic commerce transaction or purchase authorization by simply dropping an encrypted steganographed image on the item to be purchased, i.e., using a drag-and-drop action familiar to most users. In one embodiment, the image is unique to the user and is tied to a single device, such as a computer or smartphone. In one embodiment, the user's consent to authorize a transaction is transmitted to the server system over Hypertext Transfer Protocol Secure (HTTPS). In one embodiment, the server system decodes the image to retrieve the security token. Upon successful user authentication the authorized transaction is executed.
In one embodiment, the following pseudocode may be used to implement a process for encoding a security token onto an image:
Additional levels of security may be added using a public-key encryption method to create a digital signature using one or more cryptography techniques such as RSA, DES, IDEA (international Data Encryption Algorithm), Skipjack or other block cipher techniques, discrete log systems (e.g., El Gamal Cipher), elliptic curve systems, cellular automata, etc. Public key cryptography systems may be used to implement a private and public key combination for additional security, in some embodiments of the invention.
Once validation and authentication has been completed, at step 206, the electronic commerce transaction generates an order for the user using his or her personal information. The process terminates at step 207.
It should be understood that, in alternative embodiments, routines other than electronic commerce transactions are possible at step 206. For example, the method of steps 201-205 could be used to implement a user login process at step 206, such that a user authenticates himself or herself by dragging-and-dropping an encoded image as described above, instead of using a password, or biometric method, or the like.
In one embodiment, the following pseudocode may be used to implement a process for image decoding and token validation:
First, at step 301, the customer opens a client application that enables the customer to select items to purchase, and subsequently to purchase those items. At step 302, the user browses products available for sale. At step 303, to initiate a purchase, the user drops an EBI object over the product that the user wishes to purchase. At step 304, the client application sends the image, Unique Device ID (UDID), and product details to the server system over a secure (e.g., HTTPS) connection. At step 305, the server system decodes the image to retrieve the security token, compares the hash code of the security token with the hash code saved in the database server, and also compares the Unique Device ID of the user's device from which the transaction was initiated with the UDID associated with the encoded image. If the hash codes and the UDIDs match, then the user's identity is authenticated. At step 306, once the identity of the user has been authenticated, the user's payment, billing, and shipping information is retrieved from the database, and the order is placed. At step 307, a pop-up message is displayed to the user. If the payment is successfully processed and the process of placing the order is successful, then the pop-up message states that the order has successfully been placed. If the payment information fails, if the product is out of stock, or if the order is not successfully completed for some other reason, then the pop-up message states that the order was not successful, and a message indicating the reason for the failure is displayed to the user.
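The following Python is an added example written for this page, not the disclosure's own pseudocode. It illustrates both the token embedding of the first embodiment (a security token hidden in original image data to produce modified image data) and the decoding and validation of steps 304-305 (extract the token, compare its hash with the stored hash, compare the submitted UDID with the bound one). The carrier is a constructed array of 8-bit samples standing in for a decoded grayscale bitmap, the token is hidden in the least-significant bit of each sample, and the `MAGIC` marker, the SHA-256 hashing, the `TokenStore` class and the user and UDID values are all assumptions; the encryption layer and HTTPS transport mentioned in the text are omitted.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Hypothetical marker written ahead of the token so the extractor can tell an
# encoded image from an unmodified one (an assumption, not part of the disclosure).
MAGIC = b"EBI1"


def embed_token(image: bytes, token: bytes) -> bytes:
    """Hide MAGIC + 2-byte length + token in the least-significant bit of each
    image sample. The carrier is treated as raw 8-bit samples (e.g. a decoded
    grayscale bitmap) and must be stored losslessly after embedding."""
    payload = MAGIC + len(token).to_bytes(2, "big") + token
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(image):
        raise ValueError("image too small to carry the token")
    out = bytearray(image)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # each sample changes by at most 1
    return bytes(out)


def extract_token(image: bytes) -> Optional[bytes]:
    """Inverse of embed_token; returns None when no marker is present."""
    def read(bit_offset: int, n_bytes: int) -> bytes:
        value = 0
        for i in range(n_bytes * 8):
            value = (value << 1) | (image[bit_offset + i] & 1)
        return value.to_bytes(n_bytes, "big")

    if len(image) < 48 or read(0, 4) != MAGIC:
        return None
    length = int.from_bytes(read(32, 2), "big")
    if len(image) < 48 + length * 8:
        return None
    return read(48, length)


class TokenStore:
    """Stands in for the database server: keeps only the SHA-256 of each issued
    token together with the UDID the encoded image is bound to."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[str, str]] = {}  # token hash -> (user, udid)

    def issue_ebi(self, user_id: str, udid: str, original_image: bytes) -> bytes:
        """Associate a fresh random token with the user/device and embed it."""
        token = secrets.token_bytes(16)
        self._records[hashlib.sha256(token).hexdigest()] = (user_id, udid)
        return embed_token(original_image, token)

    def validate(self, modified_image: bytes, udid: str) -> Optional[str]:
        """Steps 304-305: decode the image, compare the token hash with the
        stored one and the submitted UDID with the bound one. Returns the
        authenticated user id, or None."""
        token = extract_token(modified_image)
        if token is None:
            return None
        record = self._records.get(hashlib.sha256(token).hexdigest())
        if record is None:
            return None
        user_id, bound_udid = record
        if not hmac.compare_digest(bound_udid.encode(), udid.encode()):
            return None
        return user_id


def run_demo() -> dict:
    """Issue an EBI for a constructed 512-sample image and exercise the checks."""
    store = TokenStore()
    original = bytes((x * 7) % 256 for x in range(512))  # constructed carrier
    ebi = store.issue_ebi("alice", "UDID-PHONE-1", original)
    tampered = bytearray(ebi)
    tampered[60] ^= 1  # flip one carrier bit inside the token region
    return {
        "same_size": len(ebi) == len(original),
        "max_sample_delta": max(abs(a - b) for a, b in zip(original, ebi)),
        "valid": store.validate(ebi, "UDID-PHONE-1"),
        "wrong_device": store.validate(ebi, "UDID-OTHER"),
        "unencoded": store.validate(original, "UDID-PHONE-1"),
        "tampered": store.validate(bytes(tampered), "UDID-PHONE-1"),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two design points follow directly from the text: the server stores only the hash of the token, so the database never holds anything that could be re-embedded into a new image, and the UDID binding means a copied EBI presented from another device is rejected even though its token is intact. LSB embedding of this kind only survives lossless storage (e.g. PNG); any lossy recompression of the image on the client would destroy the token and cause validation to fail.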
In one embodiment, the following pseudocode may be used to implement a process for enabling a commerce transaction by the user simply dragging and dropping an Encoded Buy Image (EBI) over a product that the user wants to purchase:
Encoded Buy Image as Checkout for Third-Party Applications and Mobile Apps:
In one embodiment, the Encoded Buy Image (EBI) object is used to pay for purchases within a third-party application.
In order to offer EBI object-based checkout, the third-party application initially establishes a Merchant account with the server system and requests secure API access for the integration of EBI objects.
The above-described method for encoding and decoding, as illustrated in
The encoded media signals can also act as persistent links to metadata stored elsewhere, such as a metadata database server on the Internet, or some other wired or wireless network. Applications for viewing and playing content can display metadata by extracting the link and querying a metadata database server to return the metadata (e.g., access to promotions or premium content). The decoder or an application program in communication with the decoder can issue the query over the Internet using standard communication protocols such as TCP/IP, database standards such as ODBC, and metadata standards such as XML. The query may be sent to a metadata router that maps the link to a metadata database server, which, in turn, returns the metadata to the viewing application for display to the user. This can allow the metadata server to dynamically manage access to special offers and premium content, such that a premium image token holder can automatically decode and access the premium content, while others are not able to see that content.
Only exemplary embodiments of the present invention and a few examples of its versatility are shown and described in the present disclosure. It is to be understood that the present invention is capable of use in various other combinations and environments and is capable of changes or modifications within the scope of the inventive concept as expressed herein.
Different embodiments of the invention may be adaptable for different and specialized purposes. Embodiments of the invention may include implementation of a system on a shared server or in a hardened appliance and may be adapted, e.g., to permit the implementation of the invention across servers on the Internet or in a large heterogeneous environment, such as a private cloud.
It should also be understood that software and/or hardware consistent with embodiments of the invention can be employed, e.g., at endpoint nodes of a network, centrally within a network, as part of a network node, between a standalone pair of interconnected devices not networked to other devices, at a user's end, at the server end, or at any other location within a scheme of interconnected devices.
It should be understood that appropriate hardware, software, or a combination of both hardware and software is provided to effect the processing described above, in the various embodiments of the invention. It should further be recognized that a particular embodiment might support one or more of the modes of operation described herein.
It should be understood that various changes in the details, materials, and arrangements of the parts which have been described and illustrated in order to explain the nature of embodiments of the invention may be made by those skilled in the art without departing from the scope of the disclosure. For example, it should be understood that the inventive concepts of embodiments of the invention may be applied not only in systems and devices for authenticating users in connection with performing e-commerce and other financial transactions, but also in other applications for which embodiments of the invention may have utility.
Embodiments of the present invention can take the form of methods and apparatuses for practicing those methods. Such embodiments can also take the form of program code embodied in tangible media, such as magnetic recording media, optical recording media, solid state memory, floppy diskettes, CD-ROMs, hard drives, or any other non-transitory machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing embodiments of the invention. Embodiments of the invention can also be embodied in the form of program code, for example, stored in a non-transitory machine-readable storage medium including being loaded into and/or executed by a machine, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing embodiments of the invention. When implemented on a general-purpose processor or custom application-specific processors, the program code segments combine with the processor to provide a unique device that operates analogously to specific logic circuits. The program code may also be implemented in a cloud computing infrastructure or other distributed computing arrangement that involves a large number of computers connected through a communication network such as the Internet, e.g., a software as a service (SaaS) infrastructure, a platform as a service (PaaS) infrastructure, or an infrastructure as a service (IaaS) infrastructure, and may be implemented in “Big Data” infrastructures, i.e., collections of data sets too large for traditional analytical methods, such as technology segments that employ platforms such as Apache™ Hadoop, Apache™ Storm, Apache™ Tez, the High Performance Computing Cluster (HPCC) Systems Platform, or the like.
It will be appreciated by those skilled in the art that although the functional components of the exemplary embodiments of the system described herein may be embodied as one or more distributed computer program processes, data structures, dictionaries and/or other stored data on one or more conventional general-purpose computers (e.g., IBM-compatible, Apple Macintosh, and/or RISC microprocessor-based computers), mainframes, minicomputers, conventional telecommunications (e.g., modem, T1, fiber-optic line, DSL, satellite and/or ISDN communications), memory storage means (e.g., RAM, ROM) and storage devices (e.g., computer-readable memory, disk array, direct access storage) networked together by conventional network hardware and software (e.g., LAN/WAN network backbone systems and/or Internet), other types of computers and network resources may be used without departing from the present invention. One or more networks discussed herein may be a local area network, wide area network, internet, intranet, extranet, proprietary network, virtual private network, a TCP/IP-based network, a wireless network (e.g., IEEE 802.11 or Bluetooth), an e-mail based network of e-mail transmitters and receivers, a modem-based, cellular, or mobile telephonic network, an interactive telephonic network accessible to users by telephone, or a combination of one or more of the foregoing.
Embodiments of the invention as described herein may be implemented in one or more computers residing on a network transaction server system, and input/output access to embodiments of the invention may include appropriate hardware and software (e.g., personal and/or mainframe computers provisioned with Internet wide area network communications hardware and software (e.g., CGI-based, FTP, Netscape Navigator™, Mozilla Firefox™, Microsoft Internet Explorer™, Google Chrome™, or Apple Safari™ HTML Internet-browser software, and/or direct real-time or near-real-time TCP/IP interfaces accessing real-time TCP/IP sockets) for permitting human users to send and receive data, or to allow unattended execution of various operations of embodiments of the invention, in real-time and/or batch-type transactions. Likewise, a system consistent with the present invention may include one or more remote Internet-based servers accessible through conventional communications channels (e.g., conventional telecommunications, broadband communications, wireless communications) using conventional browser software (e.g., Netscape Navigator™, Mozilla Firefox™, Microsoft Internet Explorer™, Google Chrome™, or Apple Safari™). Thus, embodiments of the present invention may be appropriately adapted to include such communication functionality and Internet browsing ability. Additionally, those skilled in the art will recognize that the various components of the server system of the present invention may be remote from one another, and may further include appropriate communications hardware/software and/or LAN/WAN hardware and/or software to accomplish the functionality herein described.
Each of the functional components of embodiments of the present invention may be embodied as one or more distributed computer-program processes running on one or more conventional general purpose computers networked together by conventional networking hardware and software. Each of these functional components may be embodied by running distributed computer-program processes (e.g., generated using “full-scale” relational database engines such as IBM DB2™, Microsoft SQL Server™, Sybase SQL Server™, or Oracle 10g™ database managers, and/or a JDBC interface to link to such databases) on networked computer systems (e.g., including mainframe and/or symmetrically or massively-parallel computing systems such as the IBM SB2™ or HP 9000™ computer systems) including appropriate mass storage, networking, and other hardware and software for permitting these functional components to achieve the stated function. These computer systems may be geographically distributed and connected together via appropriate wide- and local-area network hardware and software. In one embodiment, data stored in the database or other program data may be made accessible to the user via standard SQL queries for analysis and reporting purposes.
Primary elements of embodiments of the invention may be server-based and may reside on hardware supporting an operating system such as Linux, Microsoft Windows NT/2000™ or UNIX.
Components of a system consistent with embodiments of the invention may include mobile and non-mobile devices. Mobile devices that may be employed in embodiments of the present invention include personal digital assistant (PDA) style computers, e.g., as manufactured by Apple Computer, Inc. of Cupertino, Calif., or Palm, Inc., of Santa Clara, Calif., and other computers running the Android, Symbian, RIM Blackberry, Palm webOS, or iPhone operating systems, Windows CE™ handheld computers, or other handheld computers (possibly including a wireless modem), as well as wireless, cellular, or mobile telephones (including GSM phones, J2ME and WAP-enabled phones, Internet-enabled phones and data-capable smart phones), one- and two-way paging and messaging devices, laptop computers, etc. Other telephonic network technologies that may be used as potential service channels in a system consistent with embodiments of the invention include 2.5G cellular network technologies such as GPRS and EDGE, as well as 3G technologies such as CDMA 1xRTT and WCDMA2000, and 4G technologies. Although mobile devices may be used in embodiments of the invention, non-mobile communications devices are also contemplated by embodiments of the invention, including personal computers, Internet appliances, set-top boxes, landline telephones, etc. Clients may also include a PC that supports Apple Macintosh™, Microsoft Windows 95/98/NT/ME/CE/2000/XP/Vista/7/8™, a UNIX Motif workstation platform, Linux, or other computer capable of TCP/IP or other network-based interaction. In one embodiment, no software other than a web browser may be required on the client platform.
Alternatively, the aforesaid functional components may be embodied by a plurality of separate computer processes (e.g., generated via dBase™, Xbase™, MS Access™ or other “flat file” type database management systems or products) running on IBM-type, Intel Pentium™ or RISC microprocessor-based personal computers networked together via conventional networking hardware and software and including such other additional conventional hardware and software as may be necessary to permit these functional components to achieve the stated functionalities. In this alternative configuration, since such personal computers typically may be unable to run full-scale relational database engines of the types presented above, a non-relational flat file “table” (not shown) may be included in at least one of the networked personal computers to represent at least portions of data stored by a system according to embodiments of the present invention. These personal computers may run the Unix, Linux, Microsoft Windows NT/2000™ or Windows 95/98/NT/ME/CE/2000/XP/Vista/7/8™ operating systems. The aforesaid functional components of a system according to the invention may also include a combination of the above two configurations (e.g., by computer program processes running on a combination of personal computers, RISC systems, mainframes, symmetric or parallel computer systems, and/or other appropriate hardware and software, networked together via appropriate wide- and local-area network hardware and software).
A system according to embodiments of the present invention may also be part of a larger system including multi-database or multi-computer systems or “warehouses” wherein other data types, processing systems (e.g., transaction, financial, administrative, statistical, data extracting and auditing, data transmission/reception, and/or accounting support and service systems), and/or storage methodologies may be used in conjunction with those of the present invention to achieve additional functionality.
In one embodiment, source code may be written in an object-oriented programming language using relational databases. Such an embodiment may include the use of programming languages such as C++ and toolsets such as Microsoft's .Net™ framework. Other programming languages that may be used in constructing a system according to embodiments of the present invention include Java, HTML, Perl, UNIX shell scripting, assembly language, Fortran, Pascal, Visual Basic, and QuickBasic. Those skilled in the art will recognize that embodiments of the present invention may be implemented in hardware, software, or a combination of hardware and software.
Accordingly, the terms “server,” “computer,” and “system,” as used herein, should be understood to mean a combination of hardware and software components including at least one machine having a processor with appropriate instructions for controlling the processor. The singular terms “server,” “computer,” and “system” should also be understood to refer to multiple hardware devices acting in concert with one another, e.g., multiple personal computers in a network; one or more personal computers in conjunction with one or more other devices, such as a router, hub, packet-inspection appliance, or firewall; a residential gateway coupled with a set-top box and a television; a network server coupled to a PC; a mobile phone coupled to a wireless hub; and the like. The term “processor” should be construed to include multiple processors operating in concert with one another.
It should also be appreciated from the outset that one or more of the functional components may alternatively be constructed out of custom, dedicated electronic hardware and/or software, without departing from the present invention. Thus, embodiments of the invention are intended to cover all such alternatives, modifications, and equivalents as may be included within the spirit and broad scope of the disclosure.
Reference herein to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments necessarily mutually exclusive of other embodiments.
It should be understood that the steps of the exemplary methods set forth herein are not necessarily required to be performed in the order described, and the order of the steps of such methods should be understood to be merely exemplary. Likewise, additional steps may be included in such methods, and certain steps may be omitted or combined, in methods consistent with various embodiments of the present invention.
It will be further understood that various changes in the details, materials, and arrangements of the parts which have been described and illustrated in order to explain the nature of this disclosure may be made by those skilled in the art without departing from the scope of the disclosure as expressed in the following claims.
The embodiments covered by the claims in this application are limited to embodiments that (1) are enabled by this specification and (2) correspond to statutory subject matter. Non-enabled embodiments and embodiments that correspond to non-statutory subject matter are explicitly disclaimed even if they fall within the scope of the claims.
This application claims priority to co-pending U.S. Provisional Patent Application Ser. No. 61/993,518, filed May 15, 2014, the disclosure of which is incorporated herein by reference in its entirety.
Number | Date | Country
---|---|---
61993518 | May 2014 | US