Electronic transaction systems and methods therefor
First Claim

1. In a portable electronic authorization device (PEAD) without tamper-proof storage of a user's private key, a method for approving a transaction request originating from an electronic transaction system, comprising:

receiving at said portable electronic authorization device first digital data, said first digital data representing said transaction request; and

if said transaction request is approved by a user of said portable electronic authorization device, decrypting the user private key using a decryption key from a remote server, and transmitting a second digital data to said electronic transaction system, said second digital data being encrypted by said user private key.
Abstract
A method and apparatus are disclosed for approving a transaction request between an electronic transaction system and a portable electronic authorization device (PEAD) carried by a user, using an electronic service authorization token. The method includes the steps of receiving at the PEAD first digital data representing the transaction request. The PEAD provides information to the user regarding an ability to approve the transaction request. When the transaction request is approved by the user, the PEAD receives second digital data representing the electronic service authorization token. In one aspect of the invention, the method and apparatus include a remote agent server that provides a bridge between the electronic transaction system and the PEAD. In an embodiment providing a further level of security, the private key is stored on the portable device in encrypted form. The decryption key is stored outside the device, at a trusted third-party location. When the user attempts to make a signature, the software sends a request for the decryption key, along with the user's password or pass phrase keyed in at the keyboard of the PDA, smart phone, or cell phone, to a server belonging to the trusted third party. This password is usually, but not always, different from the password stored in the PEAD. The server checks the password or pass phrase and, if it is correct, sends the decryption key to the portable device, where it is used once and immediately discarded. In yet another aspect of the invention, the user's password is securely encoded in the method and apparatus and is used at a point-of-sale location. Advantages of the invention include the ability to securely and conveniently perform transactions with a portable device.
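The split-key embodiment described above (private key kept on the device only in encrypted form, decryption key released by a trusted third party after a passphrase check, then used once and discarded) can be modelled end to end. The following is an added example written for this page; it is not code from the patent or its assignee. It assumes a toy RSA key pair with fixed tiny primes (for illustration only, not secure), a hash-derived XOR keystream plus an HMAC tag as the key-wrapping scheme, PBKDF2 for the server-side passphrase check, and an assumed lockout after three failed attempts; the device identifier, passphrase and transaction string are constructed sample values.

```python
"""Toy model of the PEAD flow: the private key sits on the device only in
wrapped (encrypted) form; the key-encryption key (KEK) lives at a trusted third
party and is released only after a passphrase check, used once, then dropped."""
import hashlib
import hmac
import secrets

# Toy RSA parameters (hypothetical, tiny, NOT secure): just enough to show
# "second digital data encrypted by said user private key" as a signature.
P, Q = 61, 53
N = P * Q                              # 3233
E = 17                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # 2753, the user's private exponent


def wrap_private_key(d: int, kek: bytes) -> bytes:
    """Encrypt the private exponent under the KEK (XOR with a hash-derived
    keystream) and append an HMAC tag, so a wrong KEK or a tampered blob is
    detected instead of silently yielding a garbage key. Toy construction."""
    pt = d.to_bytes(4, "big")
    ks = hashlib.sha256(b"wrap" + kek).digest()[:4]
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_private_key(blob: bytes, kek: bytes) -> int:
    """Verify the tag first (encrypt-then-MAC), then recover the exponent."""
    ct, tag = blob[:4], blob[4:]
    if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrapped key integrity check failed")
    ks = hashlib.sha256(b"wrap" + kek).digest()[:4]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, ks)), "big")


class TrustedThirdParty:
    """Remote server holding the KEK; releases it only for a correct passphrase."""
    MAX_FAILURES = 3  # assumed lockout policy, not stated in the patent

    def __init__(self):
        self.records = {}

    def enroll(self, device_id: str, passphrase: str) -> bytes:
        salt = secrets.token_bytes(16)
        kek = secrets.token_bytes(32)
        self.records[device_id] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000),
            "kek": kek,
            "failures": 0,
        }
        return kek  # handed to the device once, at enrollment, to wrap its key

    def release_kek(self, device_id: str, passphrase: str):
        rec = self.records[device_id]
        if rec["failures"] >= self.MAX_FAILURES:
            return None  # locked out: no KEK regardless of passphrase
        cand = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), rec["salt"], 100_000)
        if not hmac.compare_digest(cand, rec["pw_hash"]):
            rec["failures"] += 1
            return None
        rec["failures"] = 0
        return rec["kek"]


class PEAD:
    """Portable device: persists only the wrapped private key and the public key."""

    def __init__(self, device_id: str, wrapped: bytes):
        self.device_id = device_id
        self.wrapped = wrapped
        self.public = (N, E)

    def approve_and_sign(self, request: bytes, passphrase: str, server: TrustedThirdParty):
        """Called only after the user has approved the displayed request.
        The KEK and the plaintext key exist only for the duration of this call."""
        kek = server.release_kek(self.device_id, passphrase)
        if kek is None:
            return None
        d = unwrap_private_key(self.wrapped, kek)
        h = int.from_bytes(hashlib.sha256(request).digest(), "big") % N
        sig = pow(h, d, N)
        del kek, d  # use once, then discard: nothing is stored on self
        return sig


def verify(public, request: bytes, sig) -> bool:
    """Transaction system side: check the signature with the user's public key."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(request).digest(), "big") % n
    return sig is not None and pow(sig, e, n) == h


def demo():
    """End-to-end run on a constructed transaction; returns results for checking."""
    server = TrustedThirdParty()
    kek = server.enroll("pead-001", "correct horse")        # constructed values
    device = PEAD("pead-001", wrap_private_key(D, kek))
    del kek  # the device does not retain the KEK after wrapping
    request = b"PAY merchant=ACME amount=42.00 currency=USD nonce=1"  # constructed
    good = device.approve_and_sign(request, "correct horse", server)
    bad = device.approve_and_sign(request, "wrong passphrase", server)
    return {
        "good_sig_verifies": verify(device.public, request, good),
        "wrong_passphrase_signs": bad is not None,
        "tampered_request_verifies": verify(device.public, request + b"0", good),
        "kek_retained_on_device": hasattr(device, "kek"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is where each secret lives: a stolen device yields only the wrapped blob, a compromised server yields only the KEK, and either alone cannot produce a signature. The HMAC tag on the wrapped key turns a wrong or corrupted KEK into a detectable failure rather than a silently bad signature, and the failure counter on the server is the place to add rate limiting and alerting for repeated wrong passphrases.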
28 Claims

1. In a portable electronic authorization device (PEAD) without tamper-proof storage of a user's private key, a method for approving a transaction request originating from an electronic transaction system, comprising:

receiving at said portable electronic authorization device first digital data, said first digital data representing said transaction request; and

if said transaction request is approved by a user of said portable electronic authorization device, decrypting the user private key using a decryption key from a remote server, and transmitting a second digital data to said electronic transaction system, said second digital data being encrypted by said user private key.

Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21

2. In an electronic authorization system without tamper-proof storage of a user's private key, a method for approving a transaction request originating from an electronic transaction system, comprising:

receiving at said electronic authorization system first digital data, said first digital data representing said transaction request; and

if said transaction request is approved by a user of said electronic authorization system, decrypting the user private key using a decryption key from a remote server, and transmitting a second digital data to said electronic transaction system, said second digital data being encrypted by said user private key.

Dependent claims: 16, 22, 23, 24, 25, 26, 27, 28
Specification