U.S. patent application number 11/078354 was filed with the patent office on 2005-07-21 for network-accessible account system.
Invention is credited to Johnson, David Matthew.
Application Number | 20050160051 11/078354 |
Family ID | 34748684 |
Filed Date | 2005-07-21 |
United States Patent Application | 20050160051
Kind Code | A1
Johnson, David Matthew | July 21, 2005
Network-accessible account system
Abstract
The present invention is directed to methods of, and systems
for, allowing an account participant to add value via a wide-area
network to a first account from a second account. A first account
server coupled to a wide-area network supports the first account.
In a preferred embodiment the wide-area-network-accessible value
transfer station (VTS) includes a central processing unit for
executing instructions, and a memory unit. The memory unit includes
an operating system, software for receiving from a participant via
the network a) second account identification information, and b) a
value that the participant desires to transfer to the first account
from the second account, second account verification software for
receiving the second account identification number from said
receiving software and for verifying that the second account
authorizes the transfer of the specified value, and value transfer
software for receiving a value from the receiving software, for
receiving a verification from the verification software, and for
transferring the specified value to the first account from the
second account if the verification is received. The
wide-area-network-accessible VTS further includes conductive
interconnects connecting the central processing unit and the memory
unit to allow portions of the wide-area-network-accessible value
transfer station to communicate and to allow the central processing
unit to execute the software in the memory unit.
Inventors: | Johnson, David Matthew; (Boston, MA)
Correspondence Address: | MCGUIREWOODS, LLP, 1750 TYSONS BLVD, SUITE 1800, MCLEAN, VA 22102, US
Family ID: | 34748684
Appl. No.: | 11/078354
Filed: | March 14, 2005
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
11078354 | Mar 14, 2005 |
09358196 | Jul 12, 1999 |
Current U.S. Class: | 705/64; 705/67
Current CPC Class: | G06Q 20/28 20130101; G06Q 40/02 20130101; G06Q 40/00 20130101; G06Q 20/10 20130101; G06Q 20/382 20130101; G06Q 20/3674 20130101; G06Q 20/105 20130101
Class at Publication: | 705/064; 705/067
International Class: | H04L 009/00
Claims
1. A system for allowing a user to add a value via a wide-area
network (WAN) to a first account of a first network system of a
participant from a second account supported by a different network
system, the first account being supported by a first account server
coupled to the WAN, said value-adding system comprising: a
WAN-accessible value transfer station (VTS) coupled to said WAN and
coupled to the first account server, said WAN-accessible VTS
including 1) means for receiving from one of a general purpose
computer and a personal digital assistant (PDA) operated by the
user a) second account identification information, and b) the value
that the user desires to transfer to said first account from said
second account, 2) means for determining that the user is
authorized to access said first account, 3) means for verifying
that said second account authorizes the transfer of said value, and
4) means for transferring said value to said first account from
said second account.
2. The system according to claim 1, wherein said WAN-accessible VTS
comprises: a central processing unit for executing instructions, a
memory unit comprising: an operating system, software for receiving
from the user via the WAN a) second account identification
information, and b) the value that the user desires to transfer to
said first account from said second account, second account
verification software for receiving the second account
identification information from said receiving software and for
verifying that the second account authorizes the transfer of said
value, and value transfer software for receiving the value from
said receiving software, for receiving a verification from said
verification software, and for transferring said value to said
first account from said second account if said verification is
received, and conductive interconnects connecting said central
processing unit and said memory unit to allow portions of the
WAN-accessible VTS to communicate and to allow the central
processing unit to execute the software in the memory unit.
3. The system according to claim 2, wherein said memory unit
further comprises firewall software for providing security for the
system.
4. The system according to claim 3, wherein said operating system
comprises an operating system kernel and wherein said firewall
software is integrated into the operating system kernel.
5. The system according to claim 2, wherein said memory unit
further comprises security socket layer data encryption software
for encrypting data for transfer outside of said system.
6. The system according to claim 2, wherein said receiving software
further comprises software for receiving first account
identification information.
7. The system according to claim 2, wherein said memory unit
further comprises name recognition software for receiving first
account identification information and for matching a name
associated with the first account identification information with
the name of the participant.
8. The system according to claim 2, wherein said memory unit
further comprises system monitoring software for monitoring the
system.
9. The system according to claim 8, wherein said system further
comprises means for emitting sound to report system status, said
means being controlled by said system monitoring software.
10. The system according to claim 2, wherein said system further
comprises small computer system interface (SCSI) drives connected
to said central processing unit.
11. The system according to claim 2, wherein said system further
comprises backup drives coupled to said central processing
unit.
12. The system according to claim 2, wherein said system further
comprises at least one uninterruptable power supply coupled to said
WAN-accessible VTS server.
13. The system according to claim 1, wherein said first account is
a student identification card account.
14. The system according to claim 1, wherein said second account is
selected from the group of accounts consisting of debit accounts
and credit card accounts.
15. The system according to claim 1, wherein said first account
server is coupled to the WAN through said WAN-accessible value
transfer station.
16. The system according to claim 1, wherein the system further
comprises a second WAN-accessible value transfer station.
17-20. (canceled)
21. An apparatus for transferring value between accounts
comprising: program code which provides for a card account
participant or authorized user to use the Internet to add value to
a first account from a second account, the first account being
supported by a first account server coupled to the Internet, the
first and second accounts being supported by different computer
networks, said program code includes: software for receiving from
the participant or user a) first account identification
information, b) second account identification information, and c)
the value that the participant desires to transfer to said first
account from said second account, second account verification
software for verifying that the second account authorizes the
transfer of said value, and value transfer software for
transferring said value to said first account from said second
account.
22. The computer data signal apparatus of claim 21, wherein the
software for receiving from the participant first account
identification information, second account information, and value
includes software for receiving said first account information,
said second account information, and said value from a device
connected to the Internet.
23. The apparatus of claim 22, wherein the device connected to the
Internet includes one of a general purpose computer and a personal
digital assistant (PDA).
24. The system of claim 1, wherein said WAN is a non-proprietary
network.
25. The system of claim 1, wherein the first network system is a
card account system.
26. The system of claim 1, wherein the different network system
includes a financial network system.
27. The system of claim 1, wherein the user and the participant is
the same person.
28. The system of claim 1, wherein said receiving means receives
said second account information and said value at a Web site.
29. The system of claim 1, wherein access to the value transferred
to said first account from said second account occurs
instantaneously after the system receives the second account
information and value that the user desires to transfer.
30. The apparatus of claim 22, wherein the device connected to the
Internet includes one of a telephone and a modem.
31. The system of claim 1, wherein the means for receiving further
includes means for receiving from one of a telephone and a
modem.
32. A system for allowing a user to add a value via a wide-area
network (WAN) to a first account of a first network system of a
participant from a second account supported by a different network
system, the first account being supported by a first account server
coupled to the WAN, said value-adding system comprising: a
WAN-accessible value transfer station (VTS) coupled to said WAN and
coupled to the first account server, said WAN-accessible VTS
including 1) means for receiving from one of a general purpose
computer and a personal digital assistant (PDA) operated by the
user a) second account identification information, and b) the value
that the user desires to transfer to said first account from said
second account, 2) means for verifying that said second account
authorizes the transfer of said value, and 3) means for
transferring said value to said first account from said second
account, wherein the first network system is a card account
system.
33. The system of claim 32, wherein said WAN is a non-proprietary
WAN.
34. The apparatus of claim 21, wherein the program code is included
in a data signal embodied in a carrier wave when the card account
participant or authorized user remotely adds value to the first
account.
35. The apparatus of claim 21, wherein the program code includes a
browser.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation of U.S. application Ser.
No. 09/358,196, filed on Jul. 12, 1999, the disclosure of which is
incorporated herein by reference in its entirety.
COPYRIGHT NOTICE
[0002] Copyright, 1998, 1999, JSA Technologies, Incorporated. A
portion of the disclosure of this patent document contains material
which is subject to copyright protection. The copyright owner has
no objection to reproduction by anyone of the patent document or
the patent disclosure, as it appears in the U.S. Patent and
Trademark Office patent file or records, but otherwise reserves all
copyright rights whatsoever.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH
[0003] Not Applicable
REFERENCE TO MICROFICHE APPENDIX
[0004] Not Applicable
BACKGROUND OF THE INVENTION
[0005] This invention relates to a wide-area-network-accessible
(WAN-accessible) account system and, more particularly, to a system
for allowing an account participant to access an account, e.g., to
transfer value to a first account from a second account, via a
device attached to a WAN.
[0006] Single card account systems, such as university
identification card systems, perform a variety of useful functions.
In the university context, a university community member can use
their identification card for identification and for facilities
access. Importantly, a cardholder can also use their card to purchase
products and/or services from a variety of sources such as copying
machines, vending machines, dining services, the university book
store, library services, and athletic department services. Other
institutions such as large companies can use a single card account
system in a similar way.
[0007] However, universities and other institutions presently
provide staff, office space, and facilities to assist community
members in depositing money into a particular account. Furthermore,
community members typically submit their money during business
hours or use regular mail. As a result there is often a significant
lag between the first occurrence of a desire to add a specified
amount to a particular account and the crediting of that specified
amount to the particular account.
[0008] For the foregoing reasons, it is an object of the invention
to provide a value transfer system that allows an authorized
community member greater access to the community's single card
system. It is another object of the invention to provide ubiquitous
or global access (e.g., from a variety of personal computers and
other personal digital assistants connected to the Internet) to a
value transfer system. It is still another object of the invention
to provide access to a community's value transfer system
twenty-four-hours-a-day, three-hundred-sixty-five-days-a-year.
Further, it is another object of the invention to provide
cardholders instant access to their deposited funds.
[0009] Other objects of the invention will in part be obvious and
will in part appear hereinafter.
SUMMARY OF THE INVENTION
[0010] The present invention is directed to WAN-accessible systems
for allowing an account participant to access an account system,
e.g., to add value to a first account from a second account. A
first account server coupled to a network supports the first
account. One version of a system according to the invention
includes a WAN-accessible value transfer station (VTS) coupled to
the network and coupled to the first account server. The
WAN-accessible VTS includes: 1) a module for receiving from a
participant a) second account identification information, and b) a
value that the participant desires to transfer to the first account
from the second account; 2) a module for verifying that the second
account authorizes the transfer of the value; and 3) a module for
transferring the value to the first account from the second
account.
[0011] In a preferred embodiment the WAN-accessible VTS includes a
central processing unit for executing instructions, and a memory
unit. The memory unit includes: 1) an operating system; 2) software
for receiving from a participant via the network a) second account
identification information, and b) a value that the participant
desires to transfer to the first account from the second account;
3) second account verification software for receiving the second
account identification information from the receiving software and
for verifying that the second account authorizes the transfer of
the value; and 4) value transfer software for receiving a specified
value from the receiving software, for receiving a verification
from the verification software, and for transferring the value to
the first account from the second account if the verification is
received. The WAN-accessible VTS further includes conductive
interconnects connecting the central processing unit and the memory
to allow portions of the WAN-accessible VTS to communicate and to
allow the central processing unit to execute the software in the
memory unit.
[0012] Another version of the invention provides a method,
performed in a server, of adding value to a first account by
transferring value from a second account. The method includes the
steps of: 1) receiving from a participant via the network a)
account identification information for identifying a second
account, and b) a value that the participant desires to transfer to
the first account from the second account; 2) verifying that the
second account authorizes the transfer of the value; and 3)
transferring the value to the first account from the second
account.
[0013] Yet another version of the invention provides a computer
data signal embodied in a carrier wave. The computer data signal
includes program code which allows for a card account participant
to remotely add value to a first account from a second account. A
first account server coupled to a network supports a first account.
The program code includes software for receiving from a participant
a) first account identification information, b) second account
identification information, and c) a value that the participant
desires to transfer to the first account from the second account,
second account verification software for verifying that the second
account authorizes the transfer of the specified value, and value
transfer software for transferring the specified value to the first
account from the second account.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The foregoing and other objects of this invention, the
various features thereof, as well as the invention itself, may be
more fully understood from the following description, when read
together with the accompanying drawings in which:
[0015] FIG. 1 is a schematic diagram of a preferred embodiment of a
WAN-accessible value transfer system according to the
invention;
[0016] FIG. 2 is a schematic diagram of the value transfer server
of FIG. 1;
[0017] FIG. 3 is a flow chart for one embodiment of the operation
of the WAN-accessible value transfer system of FIG. 1;
[0018] FIG. 4 is one embodiment of a home page for the web site of
the WAN-accessible value transfer system of FIG. 1;
[0019] FIG. 5 is one embodiment of a login or access screen for the
web site of the WAN-accessible value transfer system of FIG. 1;
[0020] FIG. 6 is one embodiment of a main menu screen for the web
site of the WAN-accessible value transfer system of FIG. 1;
[0021] FIG. 7 is one embodiment of a first account balance screen
for the web site of the WAN-accessible value transfer system of
FIG. 1;
[0022] FIG. 8 is one embodiment of a second account information
input screen for the web site of the WAN-accessible value transfer
system of FIG. 1; and
[0023] FIG. 9 is a schematic diagram of an alternative embodiment of
a WAN-accessible value transfer system according to the
invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0024] The present invention is directed to WAN-accessible systems
for allowing an account participant to access an account, e.g., to
add value to a first account from a second account. With reference
to FIGS. 1, 2, and 9, one embodiment of a WAN-accessible value
transfer system according to the invention includes a first account
server 20 coupled to a WAN, e.g., the Internet 17. A WAN-accessible
VTS 11 is coupled to the WAN 17 and to the first account server 20.
In a preferred embodiment, the first account server 20 is coupled
to the WAN 17 through the WAN-accessible VTS 11.
[0025] A preferred embodiment of the WAN-accessible VTS 11 includes
two servers 13, 15. A preferred embodiment of a WAN-accessible VTS
includes a central processing unit 38 connected to a memory unit
13a. The memory unit 13a includes an operating system 25 and a
plurality of modules including an information receiving module 35,
an account verification module 36, and a value transfer module 37.
The operating system 25 can be Debian GNU/Linux.
[0026] The information receiving module 35 receives information
from a participant via the network. The information includes a) a
second account identification number, and b) a value that the
participant desires to transfer to the second account from the
first account. The account verification module 36 receives the
second account identification number from the information receiving
module and verifies that the second account authorizes the transfer
of the specified value. The value transfer module 37 then transfers
the specified value from the second account to the first account if
authorization is received from the account verification module
36.
[0027] Thus, a participant or user 10 can remotely add value to a
first account, e.g., to a student identification system account,
from a second account, e.g., a credit card account. The user 10 can
add value from a computer 18, e.g., a remote computer, via a WAN,
e.g., via the Internet.
[0028] The value station server 13, 15 can include a variety of
other modules including data encryption 24, name recognition 31,
reporting 32, and system monitoring 34 modules. In addition, the
VTS server includes databases 39a, 39b, 39c. These databases store
transaction, reporting, and system monitoring information.
Preferably, the system includes a backup system, e.g., backup tape
drives 29.
[0029] Operating systems, such as Windows, typically do not include
firewall protection. Thus, firewall software is added on top of the
operating system. The layering of firewall software on top of the
operating system reduces the speed and reliability of the resulting
system. As noted above, according to a preferred embodiment, the
operating system 25 can be Debian GNU/Linux. Firewall software is
integrated into the Linux operating system kernel, providing
low-level integration. The low-level integration provides a fast
and reliable network solution, without extra software packages that
can fail or be dismantled.
[0030] In addition, a preferred embodiment of firewall software is
configured not to respond to any network traffic that is not
specifically designated for the web-server. Computer hackers can
begin an attack on an Internet-accessible system by initiating
communication with the system's server. For example, the hacker can
send a request to a system server asking for the addresses of all
the computers on the network. A preferred embodiment of a
WAN-accessible value transfer system will not respond to such a
request. Thus, the hacker is unable to identify the server or any
of the transmission control protocol (TCP), user datagram protocol
(UDP), or Internet control message protocol (ICMP) openings, making
the server invisible to the hacker.
[0031] The firewall software also protects against advanced attacks
such as IP spoofing and denial of service attacks, e.g., SYN
flooding (flooding the server with so much information that the
server cannot respond). According to one type of denial of service
attack, a hacker can submit an overwhelmingly large series of
requests to the target server. One method for protecting against
such an attack is to require interactive communication on the first
request in the series before responding to other requests in the
series.
[0032] According to a preferred embodiment, the data encryption
module 24 posts account information only to Secure Socket Layer
(SSL) encrypted pages, so that sensitive information remains
private and unknown to attackers listening on the network. In
addition, the system can require a participant to complete the
transaction within a pre-selected period of time. Thus account
holders can safely use a WAN-accessible value transfer system at
public kiosks and computer labs without having to worry about their
information being retrieved by subsequent users. Furthermore, a
preferred embodiment of the system will not allow a participant to
submit the exact same transaction twice within a pre-selected
period of time. Thus, the system helps to prevent cardholders from
submitting duplicate transactions.
[0033] The reporting module 32 contains a number of reporting
features to help account system administrators track transactions
and cardholder usage. The report interface can be HTML based,
providing a simple interface for account system administration
staff. Reports are secured via SSL so that report information is
confidential between the server and client. The reports can be
customized to provide a variety of information including sales,
time of day usage, length of usage, and site navigation
information. The reports can also include verification information
such as individual customer IP addresses.
[0034] With reference to FIG. 3, in operation, a preferred
embodiment of the invention performs the following steps. The
WAN-accessible value transfer system determines 41 whether the user
is authorized to access the first account, e.g., a university
identification system. If the user is authorized, the user is
allowed to select an action 42 including checking an account
balance 44 or adding value to a first account 43. If the user
decides to add value to an account, the system receives 45 from the
user or participant, a) information to identify a second account,
e.g., a credit card number, and b) a value that the participant
desires to transfer from the second account to the first account.
The system then contacts 46 the second account and requests 47 a
credit authorization number from the second account. If the second
account grants 48 a credit authorization number, then the system
transfers 49 the specified value from the second account to the
first account. Otherwise, the system can return the user to a web
page that informs the user that the transaction was not authorized
and again requests the user to select an action. Optionally, the
system can then update 50 ancillary databases, e.g., the reporting
and system monitoring databases, regarding the transaction.
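The add-value sequence of paragraph [0034], combined with the transaction time limit and duplicate-submission check of paragraph [0032], as an added example that is not part of the patent text. The class and function names, the 300 s and 600 s limits, the keyed-hash fingerprint, and the sample accounts are assumptions; the patent specifies only "a pre-selected period of time".

```python
import hashlib
import hmac
import secrets
from decimal import Decimal, InvalidOperation

# Assumed policy values: the page only says "a pre-selected period of time".
SESSION_DEADLINE_S = 300     # time allowed to complete a transaction
DUPLICATE_WINDOW_S = 600     # identical transfers inside this window are refused
CENT = Decimal("0.01")


class ValueTransferStation:
    """Hypothetical model of the VTS flow (steps 45-50 of the description)."""

    def __init__(self, balances, authorize, clock):
        self.balances = balances      # first-account id -> Decimal balance
        self.authorize = authorize    # (second_id, amount) -> auth number or None
        self.clock = clock            # injectable time source, in seconds
        self._key = secrets.token_bytes(32)
        self._recent = {}             # fingerprint -> time the transfer was accepted
        self.report_log = []          # stand-in for the reporting database

    def start_session(self, first_id):
        # Steps 41-42: the caller has already authenticated the user for first_id.
        if first_id not in self.balances:
            raise KeyError("unknown first account")
        return {"first_id": first_id, "started": self.clock()}

    def _fingerprint(self, first_id, second_id, amount):
        # Keyed hash, so the duplicate table never holds the second account number.
        msg = f"{first_id}|{second_id}|{amount}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def add_value(self, session, second_id, amount):
        now = self.clock()
        if now - session["started"] > SESSION_DEADLINE_S:
            return "expired"                      # kiosk case: stale session
        try:
            amount = Decimal(str(amount)).quantize(CENT)   # "25.0" == "25.00"
            if not amount.is_finite() or amount <= 0:
                return "invalid-amount"
        except InvalidOperation:
            return "invalid-amount"
        # Forget fingerprints older than the duplicate window.
        self._recent = {f: t for f, t in self._recent.items()
                        if now - t < DUPLICATE_WINDOW_S}
        fp = self._fingerprint(session["first_id"], second_id, amount)
        if fp in self._recent:
            return "duplicate"
        auth = self.authorize(second_id, amount)  # steps 46-48
        if auth is None:
            return "declined"                     # first account left untouched
        self.balances[session["first_id"]] += amount       # step 49
        self._recent[fp] = now
        # Step 50: log the authorization number, not the second account number.
        self.report_log.append((now, session["first_id"], amount, auth))
        return "transferred"


def demo():
    """Run a constructed sequence of requests and return (results, balance)."""
    now = [1000.0]
    def authorize(second_id, amount):   # constructed issuer: approves up to 100.00
        return "AUTH-TEST-1" if amount <= Decimal("100.00") else None
    vts = ValueTransferStation({"student-42": Decimal("5.00")}, authorize,
                               lambda: now[0])
    card = "card-test-0001"             # constructed identifier
    s = vts.start_session("student-42")
    results = [vts.add_value(s, card, "25.00"),    # accepted
               vts.add_value(s, card, "25.0"),     # same transfer resubmitted
               vts.add_value(s, card, "250.00")]   # issuer refuses
    now[0] += SESSION_DEADLINE_S + 1
    results.append(vts.add_value(s, card, "10.00"))  # session ran out
    now[0] += DUPLICATE_WINDOW_S
    s2 = vts.start_session("student-42")
    results.append(vts.add_value(s2, card, "25.00"))  # window elapsed, allowed
    return results, vts.balances["student-42"]


if __name__ == "__main__":
    print(demo())
```

The fingerprint is recorded only after a successful transfer, so a declined request can be retried; a deployment handling concurrent requests would need to reserve the fingerprint atomically before contacting the second account.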
[0035] With reference to FIGS. 4-8, a preferred embodiment of a
WAN-accessible value transfer system provides a web site with a
variety of web pages. With reference to FIG. 4, the home page of
the WAN-accessible VTS web site can inform the user of the general
character of the WAN-accessible VTS and of the level of security
possible given the user's computer system. If the user decides to
continue, the user comes to an HTML form page, as shown in FIG. 5,
for logging in to the system.
[0036] Once the user has successfully logged in, the user comes to
a web page, as shown in FIG. 6, providing a variety of possible
actions, e.g., check an account balance or transfer funds into the
account, that the user can perform within the system. If the user
decides to check on the first account balance, the user comes to a
web page, as shown in FIG. 7, providing a first account
balance.
[0037] If the user decides to transfer funds from a second account
to a first account, the user comes to a web page, as shown in FIG.
8, providing several fields, including some with selection menus,
that the user completes. The fields relate to the second account
and to the amount of funds that the user would like to
transfer.
[0038] More generally, the VTS web site provides cardholders
unlimited viewing of their transactions and current balances. By
providing cardholders access to their account information,
institutions, e.g., universities, eliminate the need to mail costly
paper versions of monthly statements. Currently, if an organization
runs a debit card system, that organization is classified under
U.S. banking regulations in which they must provide statements to
all cardholders. Statements have traditionally been provided by
printing and mailing statements to all cardholders, which can be
costly, difficult, and error prone. The VTS web site eliminates the
need for printed statements, and thus reduces the costs of postage
and labor associated with the traditional paper reporting methods.
Using the VTS web site also reduces the need to answer cardholder
inquiries regarding balances and account transactions.
[0039] It will thus be seen that the objects set forth above, among
those made apparent from the preceding description, are officially
attained. Since certain changes may be made in the above
constructions without departing from the scope of the invention, it
is intended that all matter contained in the above description and
shown in the accompanying drawings be interpreted as illustrative
and not in a limiting sense.
[0040] It is also to be understood that the following claims are
intended to cover all generic and specific features of the
invention described therein, and all statements of the scope of the
invention which as a matter of language might be said to fall
therebetween.
* * * * *