Encapsulated security tokens for electronic transactions
First Claim
1. A method for use in securing functional data for use in electronic transactions, comprising:
- 1) constructing a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said constructing a security token comprising;
a) operating a first processing system to generate a first data object including at least a first subset of said first set of first transaction elements;
b) transmitting the first data object, directly or indirectly, from said first processing system to a second processing system;
c) first operating the second processing system to generate an at least once-encapsulated data object by encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party, for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object;
d) transmitting the at least once-encapsulated data object to a third processing system; and
e) second operating the third processing system to generate an at least twice-encapsulated data object by adding at least a second subset of said first transaction elements, different than said first subset, to said once-encapsulated data object and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party, for encapsulating the at least once-encapsulated data object and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object;
wherein said security token comprises said at least twice-encapsulated data object;
2) transmitting said security token to a transaction processing system; and
3) transmitting, to said transaction processing system, signature information sufficient to allow said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements and to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements and to compare said first financial transaction elements of said security token with second financial transaction elements of a transaction request to verify said transaction request.
3 Assignments
0 Petitions
Accused Products
Abstract
Functional data for use in one or more digital transactions is secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two digital signature systems of two parties. The encapsulation and subsequent de-encapsulation can utilize digital signature systems of the parties that involve a private key for encapsulation and a public key for de-encapsulation. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.
104 Citations
48 Claims
-
1. A method for use in securing functional data for use in electronic transactions, comprising:
-
1) constructing a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said constructing a security token comprising; a) operating a first processing system to generate a first data object including at least a first subset of said first set of first transaction elements; b) transmitting the first data object, directly or indirectly, from said first processing system to a second processing system; c) first operating the second processing system to generate an at least once-encapsulated data object by encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party, for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; d) transmitting the at least once-encapsulated data object to a third processing system; and e) second operating the third processing system to generate an at least twice-encapsulated data object by adding at least a second subset of said first transaction elements, different than said first subset, to said once-encapsulated data object and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party, for encapsulating the at least once-encapsulated data object and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object; wherein said security token comprises said at least twice-encapsulated data object; 2) transmitting said security token to a transaction processing system; and 3) transmitting, to said transaction processing system, signature information sufficient to allow said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements and to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements and to compare said first financial transaction elements of said security token with second financial transaction elements of a transaction request to verify said transaction request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A system for use in securing functional data for use in electronic transactions, comprising:
-
1) a first processing system operative for; a) receiving a first data object including at least a first subset of first transaction elements that are required for an electronic transaction; and b) first generating an at least once-encapsulated data object by encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party, for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and 2) a second processing system operative for; a) receiving the at least once-encapsulated data object, and; b) second generating an at least twice-encapsulated data object by adding at least a second subset of said first transaction elements to said at least once-encapsulated data object and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the once-encapsulated data object and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated cash channel object; wherein said security token comprises said at least twice-encapsulated data object; and 3) network structure for; a) transmitting said security token to a transaction processing system; and b) transmitting, to said transaction processing system, signature information sufficient to allow said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements, to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements, and to compare said first financial transaction elements of said security token with second financial transaction elements of a transaction request to verify said transaction request. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
Specification