Encapsulated security tokens for electronic transactions
First Claim
1. A method for use in executing a digital transaction using one or more processors, comprising:
1) first receiving, at a transaction processing system, a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said security token comprising;
a) a first data object including at least a first subset of said first set of first transaction elements;
b) an at least once-encapsulated data object encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and
c) an at least twice-encapsulated data object including at least a second subset of said first transaction elements, different than said first subset, and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements, and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements;
2) second receiving, at said transaction processing system, a transaction request for said electronic transaction, said request comprising a second set of second transaction elements;
3) first operating said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements;
4) second operating said transaction processing system to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements; and
5) comparing, at said transaction processing system, said first financial transaction elements of said security token with said second financial transaction elements of said transaction request to verify said transaction request.
Abstract
Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.
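The receive, de-encapsulate and compare steps of claim 1, as an added example that is not code from the patent. Ed25519 signatures, JSON encoding, the names `Envelope`, `Outer`, `seal`, `open` and `VerifyRequest`, and the sample elements are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Envelope is one encapsulation layer: the exact signed bytes plus the signature.
// Outer is what the second party signs: the once-encapsulated object and its own elements.
type Envelope struct{ Payload, Sig []byte }
type Outer struct {
	Inner    Envelope
	Elements map[string]string
}

// seal signs the JSON encoding of v with Ed25519 (both are choices of this example).
func seal(priv ed25519.PrivateKey, v interface{}) Envelope {
	b, _ := json.Marshal(v) // cannot fail for the map and struct types used here
	return Envelope{Payload: b, Sig: ed25519.Sign(priv, b)}
}

// open checks the signature over the received bytes and only then parses them.
func open(pub ed25519.PublicKey, e Envelope, out interface{}) bool {
	return ed25519.Verify(pub, e.Payload, e.Sig) && json.Unmarshal(e.Payload, out) == nil
}

// VerifyRequest follows claim steps 3-5: open the outer layer, then the inner, then compare.
func VerifyRequest(tok Envelope, pub1, pub2 ed25519.PublicKey, req map[string]string) error {
	outer, first := Outer{}, map[string]string{}
	if !open(pub2, tok, &outer) || !open(pub1, outer.Inner, &first) {
		return fmt.Errorf("token rejected: a layer failed signature verification")
	}
	for _, set := range []map[string]string{first, outer.Elements} {
		for k, v := range set {
			if got, ok := req[k]; !ok || got != v {
				return fmt.Errorf("request element %q does not match token", k)
			}
		}
	}
	return nil
}

func main() { // constructed sample values, not taken from the patent
	pub1, priv1, _ := ed25519.GenerateKey(nil)
	pub2, priv2, _ := ed25519.GenerateKey(nil)
	tok := seal(priv2, Outer{seal(priv1, map[string]string{"payee": "acme"}), map[string]string{"amount": "25.00"}})
	fmt.Println(VerifyRequest(tok, pub1, pub2, map[string]string{"payee": "acme", "amount": "25.00"}))
}
```

Each layer is verified over the bytes as received rather than over a re-serialized copy, so the check does not depend on both sides producing identical encodings.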
21 Claims
1. A method for use in executing a digital transaction using one or more processors (claim text as given under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus for use in executing a digital transaction comprising:
1) an input port for receiving a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said security token comprising;
a) a first data object including at least a first subset of said first set of first transaction elements;
b) an at least once-encapsulated data object encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and
c) an at least twice-encapsulated data object including at least a second subset of said first transaction elements, different than said first subset, and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements, and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements; and
2) a transaction processing system operative for;
a) receiving a transaction request for said electronic transaction, said request comprising a second set of second transaction elements;
b) first using said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements;
c) second using said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements; and
d) comparing said first financial transaction elements of said security token with said second financial transaction elements of said transaction request to verify said transaction request.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
Specification