(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization
International Bureau

(43) International Publication Date: 16 May 2002 (16.05.2002)

(10) International Publication Number: WO 02/39226 A2

(51) International Patent Classification 7: G06F

(21) International Application Number: PCT/US01/47155

(22) International Filing Date: 8 November 2001 (08.11.2001)

(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data: 09/710,283 10 November 2000 (10.11.2000) US

(71) Applicant (for all designated States except US): PAYMATE.NET CORPORATION [US/US]; 9420 Research Boulevard, Echelon III, Suite 160, Austin, TX 78759 (US).

(72) Inventors; and
(75) Inventors/Applicants (for US only): THOMPSON, R., William [US/US]; 9305 Scenic Bluff Drive, Austin, TX 78733 (US). SPENCE, J., Standford [US/US]; 7209 Valbum Drive, Austin, TX 78731 (US). JONES, Alan, L. [US/US]; 209 North Stone, Round Rock, TX 78664 (US). MELLO, Mathew, R. [US/US]; P.O. Box 200369, Austin, TX 78720 (US). HEILVEIL, Andrew, L. [US/US]; 13271 Kerrville Folkway, Austin, TX 78729 (US).

(74) Agents: SKALE, Andrew, D. et al.; Brobeck, Phleger & Harrison, 12390 El Camino Real, San Diego, CA 92130 (US).

(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, OM, PH, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW.

(54) Title: SYSTEM AND METHOD FOR CONSUMMATING A FINANCIAL TRANSACTION AT A POINT-OF-SALE BASED ON SECURE ELECTRONICS COMMUNICATIONS OVER AN ACTIVE, FULL-TIME PUBLIC NETWORK

(57) Abstract: A system and method for consummating a financial transaction at a POS based on a secure electronic communication over an active, full-time public network such as the Internet. The invention comprises at least one POS, at least one network appliance, at least one primary server, and at least one financial service provider, the network appliance, primary server, and financial service provider being in electronic communication over an active, full-time public network, whereby a financial transaction is consummated at the POS based on the electronic communications over the network.

[Front-page figure; surviving labels: 10, 12a, DIAL NETWORK, 16, 18, 20, PRIVATE NETWORK, FSP 14a, FSP 14b, 14]

CLOVER NETWORK 1013

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE, TR), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).

Published:
without international search report and to be republished upon receipt of that report

For two-letter codes and other abbreviations, refer to the "Guidance Notes on Codes and Abbreviations" appearing at the beginning of each regular issue of the PCT Gazette.

WO 02/39226
PCT/US01/47155

SYSTEM AND METHOD FOR CONSUMMATING A FINANCIAL TRANSACTION AT A POINT-OF-SALE BASED ON SECURE ELECTRONICS COMMUNICATIONS OVER AN ACTIVE, FULL-TIME PUBLIC NETWORK

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to authentication of non-cash payment methods and more specifically, to an e-commerce gateway system and method for consummating a financial transaction at a point-of-sale system ("POS") based on secure electronic communications over an active, full-time public network such as the Internet.

2. Description of Related Art

Today's POS environment can be considered broadly segmented into two primary types of businesses: those having a single or small number (i.e., approximately 2 to 5) of POSs within their confines ("single-POS") and those having greater numbers of POSs within ("multiple-POS"). While the former can generally be typified by independent businesses, small regional chains, small business, small professional organizations and the like, the latter can be typified by larger chain enterprises and the like.

A primitive multiple-POS business could ostensibly require a separate phone line for each POS. However, it is more customary for the multiple-POS businesses to instead use a single telephone line to handle the multiple-POS transactions. For example, various parties have developed systems for transmitting multiple-POS transactions over a single telephone line, such as that described by U.S. Pat. No. 5,500,890 to Rogge et al., in which a dial-up asynchronous communication protocol allows multiple threaded transactions and interleaved file transfers over a single phone line.

Not uncommonly, multiple-POS businesses enjoy transactional cost-savings over single-POS businesses because they are frequently able to develop and support an infrastructure of fixed-function in-store-processors ("ISP") that are connected to the various POSs. The ISPs, in turn, are then commonly connected to an enterprise server ("home office" or "ES") that serves multiple enterprise locations. The ISPs frequently connect to the home office through a first set of privately leased phone lines that are primarily dedicated to this singular purpose. Similarly, the ES is commonly connected to a plurality of financial service providers through a second set of privately leased phone lines that are also primarily dedicated to this singular purpose. These privately leased phone networks are all too often the unique province of multiple-POS businesses. These private networks enable rapid financial transaction consummation - and consequently, higher throughput and profit - because the phone lines allow active, full-time communication with the financial service providers.

Multiple-POS businesses justify the cost of building their private networks on the faster transaction times that result at the POS. Heretofore, rarely - if ever - have single-POS businesses been able to afford this luxury. Heretofore, rarely - if ever - have faster transactions and the ability to amortize over multiple-POS systems been available to the single-POS businesses. Rather, single-POS businesses have traditionally been forced to settle for incomplete and more costly payment solutions that are not well integrated with the rest of their enterprises. For example, some single-POS businesses have been forced to accept only cash payments, thereby having to forego the profits that might otherwise accrue for check and data card consumers.

What is needed, therefore, is a cost-effective POS solution that will enable faster transactions for single-POS businesses.

BRIEF SUMMARY OF THE INVENTION

Briefly and summarily, the current invention presents a system and method for consummating a financial transaction at a POS based on a secure electronic communication over an active, full-time public network such as the Internet. In a preferred embodiment, the invention comprises at least one POS, at least one network appliance, at least one primary server, and at least one financial service provider, the network appliance, primary server, and financial service provider being in electronic communication over an active, full-time public network, whereby a financial transaction is consummated at the POS based on the electronic communications over the public network.

The foregoing and other objects, advantages, and aspects of the present invention will become apparent from the following description. In the description, reference is made to the accompanying drawings which form a part hereof, and in which there is shown, by way of illustration, a preferred embodiment of the present invention. Such embodiment does not represent the full scope of the invention, however, and reference must also be made to the claims herein for properly interpreting the scope of the invention.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

Fig. 1 depicts a schematic diagram of single-POS and multiple-POS businesses in a prior art network configuration;

Fig. 2 depicts a schematic diagram of a plurality of single-POS businesses in a network configuration in which a preferred embodiment of the present invention can be carried out;

Fig. 3 depicts a system block diagram of a preferred embodiment of the present invention;

Figs. 4 A-D depict a decision chart for POS application logic;

Fig. 5 depicts a hardware configuration for single-POS and multiple-POS configurations;

Fig. 6 depicts a preferred embodiment of time-synchronization;

Fig. 7 depicts a preferred embodiment of the server architecture;

Fig. 8 depicts a preferred embodiment of the mutual authentication protocol;

Fig. 9-A depicts a preferred embodiment of a dynamic-to-fixed network address mapping;

Fig. 9-B depicts a prior art typical embodiment of a private network configuration;

Fig. 10 depicts a data-flow diagram; and

Figs. 11 A-C depict a preferred embodiment of the major components of hardware and software.

DETAILED DESCRIPTION OF THE INVENTION

While the present invention relates to a system and method for consummating a financial transaction at a POS based on secure electronic communications over an active, full-time public network, it further relates to networking, monitoring, collecting data, selling goods and services, controlling interactive advertising, and controlling and effectuating commerce at a POS. In addition, this invention also relates to physical and virtual public networking of POS terminals and hardware, server-based public network controls, and public network security as it relates to a POS. Accordingly, before turning to an explanation of a preferred embodiment, a brief description of contextual terminology is in order.

A "data card" refers to a credit card, debit card, SmartCard, electronic purchase card, secure electronic transaction ("SET") card, cyber wallet (i.e., the expansion of the credit card concept into a concept involving multiple cards with multiple issuers in a unified package), or other financial service provider account cards. Such data cards typically have a magnetic recording or other electrical conducting region associated with the card that carries the user's account number, expiration date, name of the issuing financial service provider, and other information, as well as a visible indication of an account number and other information typically in an area of embossed characters.

A "business" generally refers to any institution or enterprise tendering goods or services in exchange for a monetary payment from a consumer or a promise of an exchange of monetary payment from a consumer.

A "financial transaction" refers to an exchange of monetary payment or a promise of an exchange of monetary payment, typically between a consumer and business. It includes payment transactions involving data cards, traditional check writing, electronically converted checks, automated clearing house ("ACH") transactions, electronic benefit transfer ("EBT") transactions, and other types of transactions as well. This term may also refer to broader types of transactions such as the exchange of information between a consumer and health care provider, or between a consumer and business with a loyalty or other reward program.

A "financial service provider" refers to an institution that processes financial transactions, such as a bank or credit card transaction processing company. The term may also refer to an independent third party institution that is not otherwise related to the financial service provider, such as a collection agency. It may further include both authorization processors and bank settlement processors (so called "front end" and "back end" processors, respectively), although it is recognized that such services are commonly provided at different times, in different ways (i.e., real-time processing or batch mode processing), and by different entities. For the purposes of this description, both types of processors are subsumed hereunder.

"Consummation" refers to whether or not a financial transaction has been approved or denied by a financial service provider, and correspondingly completing the transaction to transfer or not transfer funds from the consumer to the financial service provider as appropriate.

"Full-time" is more than part-time and refers to electronic communication that can occur essentially at any time of the day on any day of the year, so called "24/7" communication capabilities.

"Part-time" is less than full-time and refers to an electronic connection or communication that can occur when the business is open or otherwise accepting and processing financial transactions.

"Active" refers to an electronic connection or communication that is ready for transmission without having to require some event to occur as a precondition, such as a dial-up event initiating a phone call.

"Passive" refers to an electronic connection or communication that is ready for transmission only after some event occurs as a precondition, such as a dial-up event initiating a phone call.

"Secure" refers to an electronic connection or communication that is encrypted or otherwise electronically protected to maintain data integrity.

A "private network" refers to an inherently secure network in which only a designated business and financial service provider communicate.

A "public network" refers to an inherently insecure network in which any business and financial service provider may communicate.

The "Internet" refers to a type of public network comprising a set of globally interconnected computers through which multiple users can access data and programs from around the world. It connects a plurality of server computers to a plurality of client computers and permits a wide variety of communication and informational retrieval mechanisms, including electronic mail ("e-mail"), file transfer protocol ("FTP"), USENET, the world-wide web ("web"), and others.

"Server" refers to a computer that hosts other documents and files for storage and retrieval thereof on command from a client computer. Such a server may also provide program execution, such as providing data translation for forwarding to other servers and clients. Well-known in the art, servers and host computers can communicate with a public network such as the Internet by providing or hosting an Internet website. An Internet website is provided by creating a document containing Hypertext Markup Language ("HTML") that defines a plurality of web pages. An HTML document suitable for posting on the Internet typically contains what is referred to as "content" and "mark-up." The content refers to the information that describes the actual text of the Web page, and the mark-up refers to the information that describes the behavioral characteristics of the page, such as how the content is to be displayed by a browser or how other information can be accessed through the site.

"Client" refers to a computer that supplies requests to server computers for various documents and then displays the retrieved documents. Well-known in the art, one computer frequently functions both as client and server.

"Point-of-sale" ("POS") refers to an area, space, or environment in which a financial transaction is consummated. It may be comprised of a number of POS terminals.

A "terminal" or "POS terminal" refers generally to the hardware at the POS that enables the financial transaction to be consummated. It may include either or both a commercially available and proprietary cash register, data card reader, display device, keyboard, check processor, receipt printer, personal identification number (PIN) keypad, and other financial transaction processors.

A "Network Appliance" refers generally to a client that allows access to a Public Network such as the Internet.

Referring now to Fig. 1, a typical business environment 10 is illustrated in which a prior art POS processing system is depicted. More specifically, a plurality of single-POS businesses 12a, 12b, ... (hereinafter referred to as "12") establish electronic communication with a plurality of financial service providers 14a, 14b, 14c ... (hereinafter referred to as "14") through a dial-up phone connection 16a, 16b ... (hereinafter referred to as "16"). For simplicity, only two single-POS businesses 12 and three financial service providers 14 are depicted, although any number of each may be provided. The dial-up phone connection 16 of the single-POS businesses 12 is passive and part-time, whereby the single-POS businesses 12 dial-up the financial service providers 14 as needed. For example, if a first customer presents a data card for monetary payment, the appropriate data card financial service provider 14 is called upon to consummate the financial transaction. If another customer presents a check for monetary payment, the appropriate check financial service provider 14 is called upon to consummate the financial transaction. Before the different financial transactions can be consummated, the single-POS businesses 12 must separately initiate electronic communication with each of the different financial service providers 14, each occurring separately over the dial-up phone connection 16. This dial-up phone connection 16 has traditionally resulted in significant shortcomings, including extending the elapsed time required to consummate the financial transaction in order to allow for the dial-up event initiating the phone call.

Multiple-POS businesses 18a, 18b ... (hereinafter referred to as "18"), on the other hand, of which two are representatively depicted in Fig. 1, establish electronic communication with the plurality of financial service providers 14 through private networks 20, 22 of leased phone lines. These private networks 20, 22 of leased phone lines are active and full-time, whereby the multiple-POS businesses 18 are continuously connected to the financial service providers 14. For example, a separate phone line is typically dedicated to each financial service provider 14 for rapid communication between the multiple-POS business 18 and the financial service providers 14. While it is also possible for single-POS businesses 12 to maintain private network connections 20-22 with each of the financial service providers 14, this is typically not cost justifiable.

In the figure, each multi-POS business 18 typically includes a plurality of POSs 24, 26, 28 of which three are representatively depicted for each multi-POS business 18. Each POS 24, 26, 28 typically maintains electronic communication with an ISP 30 that processes individual requests from each of the POSs 24, 26, 28. The ISP 30 maintains electronic communication with an enterprise server that is shared by the various multiple-POS businesses 18. The electronic communication between the ISP 30 and enterprise server 32 is established through the first private network 20 of leased phone lines. Similarly, the electronic communication between the enterprise server 32 and financial service providers 14 is established through the second private network 22 of leased phone lines.

Referring now to Fig. 2, a public network environment 34 is illustrated in which a preferred embodiment of the present invention can be carried out. More specifically, one or more of the plurality of single-POS businesses 12 establish electronic communication with one or more of the plurality of financial service providers 14 through a public network 36. For simplicity, only two single-POS businesses 12 and three financial service providers 14 are depicted, although any number of each may be provided. The public network 36 comprises an active, full-time network connection.

In a preferred embodiment, one or more network appliances 38 are used to interface between one or more of the single-POS businesses 12 and the public network 36. Accordingly, the network appliance 38 is capable of electronic communication with the POS 12 by known techniques, such as RS 232 serial interface. Similarly, the network appliance 38 is also capable of electronic communication with the public network 36 by known techniques, such as, for example, a high-speed T1 line, ADSL, cable, wireless, and other communication techniques known in the art.

At least one full-time primary server 40 is also capable of electronic communication with the public network 36, again by known techniques, as are the plurality of financial service providers 14. More specifically, a preferred primary server 40 comprises a central processing unit 42 ("CPU") and an internal memory device 44 such as random access memory ("RAM"). The internal memory device 44 preferably contains therein a resident multi-tasking operating system 46 such as Linux or another suitable multi-tasking operating system known to those in the art, a network server program 48, and also preferably an application programming interface 50 that provides extensions to enable application developers to extend or customize the core functionality thereof through software programs including plug-ins, CGI programs, servlets, and the like.

In the Internet paradigm, the present invention is preferably implemented using a computer program that is operative at a web server such as the primary server 40, which operates a so called "web-site" by known techniques. A flow diagram for such program is attached as Figure 3. An advantage of this embodiment is that all hardware for implementing the invention can be obtained commercially off the shelf. Although the invention will be described in the context of a single primary server 40, one of ordinary skill in the art will appreciate that the described functionality may be implemented across multiple primary servers 40. Moreover, the web site may be mirrored at additional ancillary servers 52 in electronic communication with the public network 36, and, if desired, one or more management ancillary servers 52 or other computer resources or the primary server 40 may be used to facilitate various billing, accounting and administrative functions as a "back end" to the underlying site.

The network server program 48 of the primary server 40 is preferably stored in the internal memory device 44 and executed upon initialization of the primary server 40. It preferably includes appropriate display routines for generating a set of display screens that together comprise the user interface for the site, as will be displayed at the POS 12 via the network appliance 38. To that regard, and as noted above, the preferred embodiment of the invention is preferably implemented within at least one primary server 40. Thus, the invention does not require any modifications to conventional POS 12 hardware or software. Furthermore, by housing the software applications on the primary server 40, the single-POS businesses 12 need not afford the cost of the equipment or software or staff to implement the system functionality that is being described and had previously been reserved for the multi-POS businesses 14.

Although not intended to be limiting, the above-described functionality is preferably implemented as standalone native code or, alternatively, as a Java servlet. Generalizing, the above-described functionality is implemented in software executable in the CPU 42, namely, as a set of instructions (i.e., program code) in a code module that is resident in memory of the primary server 40. Unless and until required by the primary server 44, the set of instructions may be stored in computer memory, for example, in a hard disk drive, or in a removable memory such as an optical disk (for eventual use in a CD-ROM) or floppy disk (for eventual use in a floppy disk drive), or downloaded via the Internet or another computer network.

In addition, although the various methods described are conveniently implemented in a general purpose primary server 40 selectively activated or reconfigured by software, one of ordinary skill in the art would also recognize that such methods may be carried out in hardware, firmware, or in a more specialized apparatus constructed to perform the required method steps.

Further, as used herein, a "client" such as the internet appliance 38 should be broadly construed to mean any computer or component thereof directly or indirectly connected or connectable in any known or later-developed manner to the public network 36. Similarly, the term "server" should also be broadly construed to mean a computer, computer platform, an adjunct to a computer or platform, or any component thereof, that can either store data or execute programs locally on behalf of a client. Of course, the client is broadly construed to mean the one who requests or receives files or programs, and the server is the entity that supplies the files or programs that are capable of being downloaded across the public network 36.

Referring back to Fig. 2, the network appliance 38 is a client that, in the Internet paradigm, includes a suite of Internet tools including a network browser 53, such as Netscape Navigator or Microsoft Internet Explorer, that has a Java Virtual Machine (JVM) and support for application plug-ins or helper applications. The network browser 53 allows access to the servers of the public network 36 to obtain certain services. For example, these services can include one-to-one e-mail, one-to-many messaging ("bulletin board"), on-line chat, file transfer and network browsing. Various known Internet protocols are used for these services. For example, browsing is effected using the known Hypertext Transfer Protocol ("HTTP"), which provides users access to multimedia files using the Hypertext Markup Language ("HTML"). The collection of servers and clients comprise the World Wide Web, which is the Internet's primary multimedia information retrieval system.

As known, the network path to the primary server 40 is identified by a so-called Uniform Resource Locator ("URL") having a special syntax for defining a network connection. Use of an HTML-compatible browser (e.g., Netscape Navigator or Microsoft Internet Explorer) at a client machine such as the network appliance 38 involves specification of a link via the URL. In response, the network appliance 38 makes a request to the primary server 40 identified in the link and, in return, receives a document or other object formatted according to the HTML. The collection of documents comprising the network service program 48 that is supported by the primary server 40 comprises the web site of the present invention.

Resultant from the electronic communication of the network appliance 38 and primary server 40 and financial service providers 14 with the active, full-time public network 36, an encrypted virtual private network ("VPN") 68 is established between the single-POS businesses 12 and the financial service providers 14. Preferably, both the single-POS businesses 12 and the financial service providers 14 connect to the primary server 40 using a mutual authentication protocol ("MAP") with dual digital certificates to establish the secure VPN 68 between them. This allows the electronic communication to avoid compromise, whereby a financial transaction is consummated at the single-POS business 12 based on the secure electronic communications over the public network 36. Significantly, because the public network 36 is active at all times, dial-up protocols are not required prior to the single-POS businesses 12 consummation of financial transactions.

As described, the network appliance 38 is preferably designed to take advantage of high-speed public network connection capabilities. It preferably comprises a combination of RAM devices including dynamic RAM, or some other type of dynamic storage media, and flash RAM, or some other type of persistent storage that does not lose its contents when power is removed. Preferably, a portion of the code stored thereon remains resident in the flash RAM or its equivalent, sufficient to re-establish communication with the primary server 40 or download the latest version of application code in the event items have become corrupted or subsequent versions become available.

In a preferred embodiment, all application programming can be in an appropriate application programming language, such as Java. In a preferred embodiment, it further comprises a customer activated terminal ("CAT") 54, magnetic ink character recognition ("MICR") check device 56, and a multi-purpose printer 58, to which it preferably interfaces using the object oriented JPOS (Java POS) convention, as practiced by those skilled in the art.

As compared to a computer, the network appliance 38 is typically more limited in processing power and memory storage capacity. Nevertheless, it includes all the hardware, software, memory, and other computing components necessary to implement consummation of financial transactions at a POS. Accordingly, the primary functionality is disposed in the network appliance 38 as opposed to one of the POS terminals 54-58. For example, the hardware and software that is sufficient to support a small number of "preload" initial prompts resides in the POS terminals 54-58, with the more sophisticated functionality being directed from the network appliance 38.

More specifically, a representative network appliance 38 comprises a CPU 60 and an internal memory device 62 such as RAM. The internal memory device 62 preferably contains therein a resident multi-tasking operating system 64 such as Linux or another suitable multi-tasking operating system known to those in the art, the network firewall 66, the VPN 68, the integrated browser 70, other integrated clients 72, and other POS applications 74.

When using any public network 36, it is exceedingly difficult, if not altogether impossible, to prevent others from observing the traffic placed upon it. Therefore, secure use of the public network 36 is accomplished by employing additional security measures to ensure reliable service. Accordingly, each network appliance 38 is preferably equipped with network firewall capabilities, including disabling remote logon capability, rejecting packets arriving from the public network 36 that were not requested, and requiring a digital certificate authorization sequence upon initialization, thereby ensuring that only authorized users are utilizing the network appliance 38 to access the single-POS 12. The firewall capabilities allow the network appliance 38 to securely initiate requests for information such as e-mail, advertising, coupons, or other promotional or management data from the primary or ancillary servers 40, 52. Furthermore, secondary authentication factors may also be included, such as the presence of an affixed token, SmartCard, magnetic card swipe, PIN entry, network controller MAC, address verification, device
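
One of the firewall capabilities listed above, rejecting packets from the public network 36 that were not requested, is what a stateful packet filter does. The Python below is an added example, not code from the application: the class and function names, the 60-second idle timeout and the documentation-range addresses are assumptions, and the sample packets are constructed.

```python
from dataclasses import dataclass

ACCEPT, DROP = "ACCEPT", "DROP"


@dataclass(frozen=True)
class Packet:
    ts: float                       # arrival time in seconds
    direction: str                  # "out": appliance -> public network; "in": the reverse
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags; empty for UDP


class StatefulFilter:
    """Admit an inbound packet only if it answers a flow the appliance opened."""

    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout  # assumed value, not from the application
        # (proto, local ip, local port, remote ip, remote port) -> last activity
        self.flows = {}

    def _expire(self, now):
        stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.flows[key]

    def handle(self, pkt):
        self._expire(pkt.ts)
        if pkt.direction == "out":
            # Outbound traffic is the "request": record the flow it opens.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "RST" in pkt.flags:
                self.flows.pop(key, None)
            else:
                self.flows[key] = pkt.ts
            return ACCEPT
        # Inbound: look the packet up under the mirrored tuple.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.flows:
            return DROP  # nothing asked for this, e.g. a remote logon attempt
        if pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            return DROP  # a bare SYN opens a connection, it never answers one
        if "RST" in pkt.flags:
            del self.flows[key]
        else:
            self.flows[key] = pkt.ts
        return ACCEPT


def verdicts(packets, idle_timeout=60.0):
    """Run packets through a fresh filter and return one verdict per packet."""
    fw = StatefulFilter(idle_timeout)
    return [fw.handle(p) for p in packets]


# Constructed sample traffic (RFC 5737 documentation addresses).
APPLIANCE, SERVER, STRANGER = "192.0.2.20", "203.0.113.10", "198.51.100.7"
SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})
SYNACK = frozenset({"SYN", "ACK"})

SAMPLE = [
    Packet(0.0, "out", "tcp", APPLIANCE, 40000, SERVER, 443, SYN),    # appliance opens a flow
    Packet(0.1, "in", "tcp", SERVER, 443, APPLIANCE, 40000, SYNACK),  # the requested reply
    Packet(0.2, "in", "tcp", STRANGER, 51000, APPLIANCE, 22, SYN),    # unsolicited logon attempt
    Packet(0.3, "in", "tcp", STRANGER, 443, APPLIANCE, 40000, ACK),   # right ports, wrong host
    Packet(0.4, "in", "tcp", SERVER, 443, APPLIANCE, 40001, ACK),     # right host, wrong port
    Packet(0.5, "in", "tcp", SERVER, 443, APPLIANCE, 40000, SYN),     # bare SYN on a known tuple
    Packet(1.0, "in", "tcp", SERVER, 443, APPLIANCE, 40000, ACK),     # more of the reply
    Packet(120.0, "in", "tcp", SERVER, 443, APPLIANCE, 40000, ACK),   # arrives after idle timeout
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, verdicts(SAMPLE)):
        print(f"{pkt.ts:6.1f} {pkt.direction:3} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport} {sorted(pkt.flags)} {verdict}")
```

Because nothing is accepted inbound without a matching outbound flow, a remote logon attempt is dropped without a port-specific rule.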
