Secure handling of stored-value data objects
Abstract
An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption. Techniques further provide temporary and rapid verification data objects useful where rapid ticket verification is essential, such as mass transit systems.
98 Claims
1. A system to securely manage stored-value data objects, the system comprising:
an issuing system to issue a stored-value data object to a user device, wherein the issuing system signs the stored-value data object and encrypts the stored-value data object using a first public key associated with the user device;
a security element comprising a portion of the user device to decrypt and securely store the stored-value data object received at the user device from the issuing system; and
a redeeming system to redeem the stored-value data object by receiving the stored-value data object from the user device;
wherein the security element encrypts the stored-value data object with a second public key associated with the redeeming system;
and wherein the redeeming system decrypts the stored-value data object and verifies that the stored-value data object was signed by the issuing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 15, 16, 17, 18, 19, 20, 21
9. The system of claim 9, wherein the computing device comprises at least a first wireless interface to communicate with the issuing and redeeming systems.
22. A user device serving as a secure agent for stored-value data object issuing and redeeming systems, the user device comprising:
at least one wireless interface to communicate with the issuing and redeeming systems; and
a security element comprising at least one processor and associated memory to:
securely store a first private key associated with the security element;
decrypt a stored-value data object received from the issuing system using the first private key, and securely store the decrypted stored-value data object;
encrypt the stored-value data object and a generated value using a public key associated with the redeeming system, wherein the public key and the generated value are received from the redeeming system;
transfer the encrypted stored-value data object and generated value to the redeeming system; and
erase the stored-value data object from the associated memory in the security element responsive to transfer of stored-value data object to the redeeming system.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A method of securely managing the issuance and redemption of stored-value data objects, the method comprising:
issuing a stored-value data object from an issuing system to a user device, wherein the issuing system encrypts the stored-value data object using a first public key associated with the user device and the user device decrypts the stored-value data object using a private key known to the user device;
transferring a generated value and a second public key from a redeeming system to the user device responsive to a redemption request;
receiving the generated value and stored-value data object from the user device at the redeeming system, wherein the stored-value data object and the generated value are encrypted by the user device using the second public key; and
validating the stored-value data object and generated value at the redeeming system after decrypting the stored-value data object and generated value using a private key known to the redeeming system.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52
53. A method of securely managing stored-value data objects, the method comprising:
receiving an issuance request for a stored-value data object at an issuing system, wherein the issuing system has access to a first public key associated with a user device originating the issuance request;
encrypting the stored-value data object at the issuing system using the first public key;
transmitting the encrypted stored-value data object from the issuing system for receipt at the user device, wherein the user device comprises a security element adapted to decrypt the stored-value data object using a first private key corresponding to the first public key, and then to securely store the stored-value data object;
receiving a redemption request from the user device at a redeeming system;
sending a second public key from the redeeming system to the user device responsive to the redemption request;
receiving the stored-value data object encrypted using the second public key from the user device at the redeeming system;
decrypting the stored-value data object at the redeeming system using a second private key corresponding to the second public key; and
redeeming the stored-value data object at the redeeming system if the stored-value data object is valid.
Dependent claims: 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72
73. A method of redeeming stored-value data objects, the method comprising:
verifying a stored-value data object presented by a user device to a first redeeming system in accordance with first verification procedures; and
returning a rapid verification object adapted for more rapid subsequent verification using second verification procedures.
Dependent claims: 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98
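
The issue-and-redeem exchange of claims 1 and 32, as an added Go example that is not part of the patent text: it shows why the redeeming system checks both its own generated value and the issuing system's signature. The algorithms (Ed25519 signatures, RSA-OAEP encryption), the `sig||obj` layout, the function names and the sample ticket string are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Issue signs obj, then encrypts sig||obj to the device's (first) public key (assumed Ed25519 + RSA-OAEP).
func Issue(issuer ed25519.PrivateKey, device *rsa.PublicKey, obj []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, device, append(ed25519.Sign(issuer, obj), obj...), nil)
}

// Present is the device side: decrypt the issued object, re-encrypt nonce||sig||obj to the redeemer's (second) key.
func Present(device *rsa.PrivateKey, redeemer *rsa.PublicKey, issued, nonce []byte) ([]byte, error) {
	signed, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, device, issued, nil)
	if err != nil {
		return nil, err
	}
	msg := append(append([]byte{}, nonce...), signed...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, redeemer, msg, nil)
}

// Verify is the redeemer side: decrypt, compare the generated value it sent, check the issuer signature.
func Verify(redeemer *rsa.PrivateKey, issuer ed25519.PublicKey, nonce, ct []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, redeemer, ct, nil)
	k, n := len(nonce), len(nonce)+ed25519.SignatureSize
	if err != nil || len(pt) < n || !bytes.Equal(pt[:k], nonce) || !ed25519.Verify(issuer, pt[n:], pt[k:n]) {
		return nil, fmt.Errorf("redemption rejected")
	}
	return pt[n:], nil
}

// Demo runs one cycle with fresh keys and a constructed ticket, then replays ct under a new generated value.
func Demo() (accepted string, replayErr error) {
	ipk, isk, _ := ed25519.GenerateKey(rand.Reader)
	dev, _ := rsa.GenerateKey(rand.Reader, 2048)
	red, _ := rsa.GenerateKey(rand.Reader, 2048)
	n := make([]byte, 32) // two 16-byte generated values: n[:16] and n[16:]
	rand.Read(n)
	issued, _ := Issue(isk, &dev.PublicKey, []byte("ticket:constructed-sample-001"))
	ct, _ := Present(dev, &red.PublicKey, issued, n[:16])
	obj, _ := Verify(red, ipk, n[:16], ct)
	_, replayErr = Verify(red, ipk, n[16:], ct)
	return string(obj), replayErr
}
func main() { fmt.Println(Demo()) }
```

The second `Verify` call fails because the captured ciphertext still carries the first generated value, so a recorded redemption message cannot be presented again.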