Encapsulated security tokens for electronic transactions

US 10,423,952 B2
Filed: 09/06/2013
Issued: 09/24/2019
Est. Priority Date: 05/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method for use in executing a digital transaction using one or more processors, comprising:

1) first receiving, at a transaction processing system, a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said security token comprising;

a) a first data object including at least a first subset of said first set of first transaction elements;

b) an at least once-encapsulated data object encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and

c) an at least twice-encapsulated data object including at least a second subset of said first transaction elements, different than said first subset, and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements, and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements;

2) second receiving, at said transaction processing system, a transaction request for said electronic transaction, said request comprising a second set of second transaction elements;

3) first operating said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements;

4) second operating said transaction processing system to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements; and

5) comparing, at said transaction processing system, said first financial transaction elements of said security token with said second financial transaction elements of said transaction request to verify said transaction request.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Functional data for use in one or more digital transactions are secured by using an encapsulated security token (EST). In certain embodiments, the EST is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties. The encapsulation and subsequent de-encapsulation can utilize cryptographic systems of the parties that involve a private key for signing and decryption and a public key for encryption and signature verification. If constructed carefully over a series of rigorous events, the resulting EST can be practically impossible to counterfeit. In addition, a propagation of rights can be tracked for auditing and rights can be easily terminated or modified.

106 Citations

21 Claims

1. A method for use in executing a digital transaction using one or more processors, comprising:
- 1) first receiving, at a transaction processing system, a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said security token comprising;
  
  a) a first data object including at least a first subset of said first set of first transaction elements;
  
  b) an at least once-encapsulated data object encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and
  
  c) an at least twice-encapsulated data object including at least a second subset of said first transaction elements, different than said first subset, and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements, and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements;
  
  2) second receiving, at said transaction processing system, a transaction request for said electronic transaction, said request comprising a second set of second transaction elements;
  
  3) first operating said transaction processing system to use said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements;
  
  4) second operating said transaction processing system to use said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements; and
  
  5) comparing, at said transaction processing system, said first financial transaction elements of said security token with said second financial transaction elements of said transaction request to verify said transaction request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as set forth in claim 1, wherein said step of first receiving comprises receiving said security token from another party.
  - 3. A method as set forth in claim 1, wherein said step of first receiving comprises providing at least a portion of said first data object to one party and receiving said security token from said one party or another party who received said security token directly or indirectly from said one party.
  - 4. A method as set forth in claim 1, wherein at least an element of said first data object encapsulated in said security token is identical to a corresponding element of said second transaction elements.
  - 5. A method as set forth in claim 1, wherein each of said first and second digital signature systems is public key—
    - private key system, and said security token was generated by encapsulating said first data object using a private key of at least one of said first and second digital signature systems.
  - 6. A method as set forth in claim 1, wherein said second transaction elements comprise one of personal identification information, financial information and contact information.
  - 7. A method as set forth in claim 1, wherein said digital transaction involves an authorization by an authorizing party to an authorized party for said authorized party to act on said authorizing party'"'"'s behalf, and said security token was generated at least in part under the control of said authorizing party to memorialize said authorization.
  - 8. A method as set forth in claim 1, wherein said digital transaction involves an allowance for an allowed party to access an asset of an allowing party, and said security token was generated at least in part under the control of said allowing party to memorialize said allowance.
  - 9. A method as set forth in claim 8, wherein said asset comprises one of a financial account, an email account, and a phone number.
  - 10. A method as set forth in claim 1, wherein said security token was generated a least in part by an operator of an application requiring authentication of users, and said encapsulated security token is used for said authentication.
  - 11. A method as set forth in claim 1, wherein said digital transaction involves counting a vote in an election.
  - 12. A method as set forth in claim 1, wherein said digital transaction involves consuming proprietary digital content.
  - 13. A method as set forth in claim 1, further comprising further encapsulating at least said at least twice encapsulated data object using a further digital signature system.

14. An apparatus for use in executing a digital transaction comprising:
- 1) an input port for receiving a security token that incorporates a first set of first transaction elements that are required for an electronic transaction, said security token comprising;
  
  a) a first data object including at least a first subset of said first set of first transaction elements;
  
  b) an at least once-encapsulated data object encapsulating at least the first data object using a first digital signature system including a first digital signature of a first party for encapsulating the first data object and a first signature verification for verifying the first signature and de-encapsulating the first data object; and
  
  c) an at least twice-encapsulated data object including at least a second subset of said first transaction elements, different than said first subset, and encapsulating at least the at least once-encapsulated data object and said second subset of said first transaction elements using a second digital signature system including a second digital signature of a second party for encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements, and a second signature verification for verifying the second signature and de-encapsulating the at least once-encapsulated data object and said second subset of said first transaction elements; and
  
  2) a transaction processing system operative for;
  
  a) receiving a transaction request for said electronic transaction, said request comprising a second set of second transaction elements;
  
  b) first using said second signature system to de-encapsulate said at least twice-encapsulated data object so as to obtain said second subset of said first transaction elements;
  
  c) second using said first signature system to de-encapsulate said at least once-encapsulated data object to obtain said first subset of said first transaction elements; and
  
  d) comparing said first financial transaction elements of said security token with said second financial transaction elements of said transaction request to verify said transaction request.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. An apparatus as set forth in claim 14, wherein said input port is operative for receiving said security token from another party.
  - 16. An apparatus as set forth in claim 14, wherein said transaction processing system is operative for providing at least a portion of said first data object to an authorized and receiving said security token from said authorized party or another party who received said first data object directly or indirectly from said authorized party.
  - 17. An apparatus as set forth in claim 14, wherein each of said first and second digital signature systems is a public key—
    - private key system, and said security token is generated by encapsulating said first data object using a private key of at least one of said first and second digital signature systems.
  - 18. An apparatus as set forth in claim 14, wherein said digital transaction involves an authorization by an authorizing party to an authorized party for said second party to act on said authorizing party'"'"'s behalf, and authorizing party to memorialize said authorization.
  - 19. An apparatus as set forth in claim 14, wherein said digital transaction involves an allowance for an allowed party to access an asset of an allowing party, and said security token is generated at least in part under the control of said allowing party to memorialize said allowance.
  - 20. An apparatus as set forth in claim 14, wherein said security token was generated a least in part by an operator of an application requiring authentication of users, and security token is used for said authentication.
  - 21. An apparatus as set forth in claim 14, wherein said security token is encapsulated using a further cryptographic system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Institutional Cash Distributors Technology LLC
Original Assignee
Institutional Cash Distributors Technology LLC
Inventors
Heyner, Mark A.
Primary Examiner(s)
Obeid, Mamon

Application Number

US14/019,989
Publication Number

US 20140331058A1
Time in Patent Office

2,209 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Encapsulated security tokens for electronic transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Encapsulated security tokens for electronic transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links