Method and system for using electronic communications for an electronic contract

US 20030177361A1
Filed: 12/20/2002
Published: 09/18/2003
Est. Priority Date: 08/04/2000
Status: Active Grant

First Claim

Patent Images

1. A method for use in a transaction involving an electronic contract, comprising the steps of:

a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;

storing the public key of the public key/private key pair of the first party in a database in association with an identifier and other information associated with the first party;

storing a security profile associated with the device in a database;

the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;

the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising an identifier associated with the first party, the digital signature, and a verification status indicator;

in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;

in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;

in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the predetermined information relating to the electronic contract based on prestored security profile-related business rules maintained by the second party; and

in response to the verification status indicator in the electronic communication, the second party determining a response to the predetermined information relating to the electronic contract based on prestored verification status-related business rules maintained by the second party.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for digitally signing an electronic contract document. An electronic communication contains an identifier, a message, which includes the document, and a digital signature generated with a private key of an asymmetric key pair (247). The identifier may be used to retrieve a corresponding public key (287) and account information pertaining to the sender of the message. The public key may be used to authenticate the sender and the message. A device containing the private key may be used to protect the privacy thereof. The device may also generate a verification status indicator corresponding to verification data input into the device. The indicator may also be used as evidence that the sender of a contract document performed an overt act in causing the electronic communication to be digitally signed. A security profile linked to the public key in a secure database indicates security characteristics of the device.

281 Citations

67 Claims

1. A method for use in a transaction involving an electronic contract, comprising the steps of:
- a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
  
  storing the public key of the public key/private key pair of the first party in a database in association with an identifier and other information associated with the first party;
  
  storing a security profile associated with the device in a database;
  
  the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
  
  the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising an identifier associated with the first party, the digital signature, and a verification status indicator;
  
  in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
  
  in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;
  
  in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the predetermined information relating to the electronic contract based on prestored security profile-related business rules maintained by the second party; and
  
  in response to the verification status indicator in the electronic communication, the second party determining a response to the predetermined information relating to the electronic contract based on prestored verification status-related business rules maintained by the second party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the identifier is the public key associated with the party sending the electronic communication.
  - 3. The method of claim 1, wherein both parties to the contract each possess a device that generates a digital signature.
  - 4. The method of claim 1, wherein the step of storing the public key of the first party is carried out in a registration operation prior to the recited steps.
  - 5. The method of claim 1, wherein the database is an existing database maintained by the second party that stores information associated with the first party in association with an account identifier.
  - 6. The method of claim 1, wherein the security profile is stored in a secure database maintained by a third party.
  - 7. The method of claim 1, wherein the request for the security profile is based on the public key of the first party.
  - 8. The method of claim 1, further comprising the step of, in response to the request for a security profile, the security profile database retrieving and communicating the security profile associated with the first party to the second party.
  - 9. The method of claim 1, wherein the security profile database is maintained by a third party independently of the first party or the second party.
  - 10. The method of claim 1, wherein the response of the second party to the predetermined information relating to the electronic contract comprises the steps of:
    - the second party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
      
      storing the public key of the public key/private key pair of the second party in a database of the first party in association with an identifier and other information associated with the second party;
      
      the second party to the contract using its device to generate a digital signature with respect to predetermined information relating to the electronic contract; and
      
      the second party communicating a second electronic communication to the first party, the second electronic communication comprising an identifier associated with the second party, the digital signature, and a verification status indicator.

11. A method for use in a transaction involving an electronic contract, comprising the steps of:
- storing a security profile associated with the public key of a public key/private key pair of a first party to the contract in a database;
  
  the first party to the contract generating a digital signature relating to the electronic contract;
  
  the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising the digital signature and a verification status indicator;
  
  in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
  
  in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;
  
  in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the electronic contract based on prestored security profile-related business rules maintained by the second party; and
  
  in response to the verification status indicator in the electronic communication, the second party determining a response to the electronic contract based on prestored verification status-related business rules maintained by the second party.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein both parties to the contract each possess a device that generates a digital signature.
  - 13. The method of claim 11, wherein the step of storing the public key of the first party is carried out in a registration operation prior to the recited steps.
  - 14. The method of claim 11, wherein the database is an existing database maintained by the second party that stores information associated with the first party in association with an account identifier.
  - 15. The method of claim 11, wherein the security profile is stored in a secure database maintained by a third party.
  - 16. The method of claim 11, wherein the request for the security profile is based on the public key of the first party.
  - 17. The method of claim 11, further comprising the step of, in response to the request for a security profile, the security profile database retrieving and communicating the security profile associated with the first party to the second party.
  - 18. The method of claim 11, wherein the security profile database is maintained by a third party independently of the first party or the second party.
  - 19. The method of claim 11, wherein the response of the second party to the electronic contract comprises the steps of:
    - the second party to the contract generating a digital signature with respect to the electronic contract; and
      
      the second party communicating a second electronic communication to the first party, the second electronic communication comprising the digital signature and a verification status indicator.

20. A method for use in a transaction relating to an electronic contract, comprising the steps of:
- receiving input comprising verification data of a first party to the transaction;
  
  identifying within a device that generates digital signatures a current verification status out of a plurality of predefined verification statuses of the device as a function of the verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device;
  
  independent of the verification status identified, generating a digital signature for a message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status;
  
  outputting from the device the digital signature for transmission with an electronic communication relating to the electronic contract to a second party to the transaction;
  
  upon receipt of the electronic communication by the second party, the second party authenticating the digital signature; and
  
  in response to the identified verification status, the second party determining a response to the electronic contract.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The method of claim 20, further comprising the step of modifying within the device data representing the message as a function of the identified verification status.
  - 22. The method of claim 20, wherein both parties to the contract each possess a device that generates a digital signature.
  - 23. The method of claim 20, wherein the step of authenticating the digital signature of the first party comprises the step of using an account identifier accompanying the electronic communication for retrieving a prestored public key associated with the first party.
  - 24. The method of claim 23, further comprising the step of prestoring the public key of the first party in a database maintained by the second party prior to the recited steps.
  - 25. The method of claim 24, wherein the database is an existing database maintained by the second party that stores information associated with the first party in association with the account identifier.
  - 26. The method of claim 20, wherein the response of the second party to the electronic contract comprises the steps of:
    - the second party to the contract generating a digital signature with respect to the electronic contract; and
      
      the second party communicating a second electronic communication to the first party, the second electronic communication comprising a digital signature of the second party.
  - 27. The method of claim 20, wherein the digital signature of the second party is a function of verification data of the second party.

28. A method for use in a transaction involving an electronic contract, comprising the steps of:
- a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
  
  storing a security profile associated with the device in a database;
  
  the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
  
  the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising at least the digital signature;
  
  in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
  
  in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database; and
  
  in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the electronic contract based on prestored security profile-related business rules maintained by the second party.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 29. The method of claim 28, further comprising the step of storing the public key of the public key/private key pair of the first party in a database in association with an identifier and other information associated with the first party.
  - 30. The method of claim 29, wherein the database is an existing database maintained by the second party that stores information associated with the first party in association with an account identifier.
  - 31. The method of claim 29, wherein the identifier is the public key associated with the first party.
  - 32. The method of claim 28, wherein both parties to the contract each possess a device that generates a digital signature and carry out the steps of the method with respect to electronic communications received from each other.
  - 33. The method of claim 28, wherein the step of storing the public key of the first party is carried out in a registration operation prior to the recited steps.
  - 34. The method of claim 28, wherein the security profile is stored in a secure database maintained by a third party.
  - 35. The method of claim 28, wherein the request for the security profile is based on the public key of the first party.
  - 36. The method of claim 28, further comprising the step of, in response to the request for a security profile, the security profile database retrieving and communicating the security profile associated with the first party to the second party.
  - 37. The method of claim 28, wherein the security profile database is maintained by a third party independently of the first party or the second party.
  - 38. The method of claim 28, further comprising the steps of:
    - receiving in the device input comprising verification data of the first party to the contract;
      
      identifying within the device a current verification status out of a plurality of predefined verification statuses of the device as a function of the verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device;
      
      independent of the verification status identified, generating a digital signature for a message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status; and
      
      outputting from the device the digital signature for transmission with the electronic communication relating to the electronic contract to the second party to the transaction.
  - 39. The method of claim 38, further comprising the step of, in response to the verification status indicator in the electronic communication, the second party determining a response to the predetermined information relating to the electronic contract based on prestored verification status-related business rules maintained by the second party.
  - 40. The method of claim 38, wherein the electronic communication comprises an identifier associated with the first party, the digital signature, and the verification status indicator.
  - 41. The method of claim 38, wherein the response of the second party to the electronic contract includes the steps of:
    - the second party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
      
      storing the public key of the public key/private key pair of the second party in a database of the first party in association with an identifier and other information associated with the second party;
      
      the second party to the contract using its device to generate a digital signature with respect to the response to the electronic contract; and
      
      the second party communicating a second electronic communication to the first party, the second electronic communication comprising an identifier associated with the second party and the digital signature with respect to the response to the electronic contract.

42. A method for use in a transaction involving an electronic contract, comprising the steps of:
- at least a first party to the contract having a device that generates a digital signature using a respective private key of a respective public key/private key pair associated with the first party;
  
  storing the first party'"'"'s public key in a third party database in association with an identifier associated with the first party;
  
  the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
  
  the first party communicating a first electronic communication to a second party to the contract, the electronic communication comprising at least an identifier associated with the first party and the digital signature;
  
  in response to receipt of the electronic communication, the second party transmitting a second electronic communication to the third party, the second electronic communication comprising at least the identifier and the digital signature form the first electronic communication;
  
  in response to receipt of the second electronic communication, the third party authenticating the digital signature with the public key associated with the first party to determine an entity authentication of the first party;
  
  the third party transmitting a third electronic communication indicating the entity authentication to the second party; and
  
  in response to receipt of the third electronic communication indicating the entity authentication of the first party, the second party determining a response to the electronic contract.
- View Dependent Claims (43, 44, 45, 46, 47)
- - 43. The method of claim 42, further comprising the step of storing a security profile associated with the first party'"'"'s device in a security profile database.
  - 44. The method of claim 43, in response to authenticating the digital signature of the first party, communicating a request for a security profile associated with the first party to the security profile database.
  - 45. The method of claim 44, wherein the request for the security profile is carried out by the third party or the second party.
  - 46. The method of claim 43, further comprising the step of:
    - in response to receipt of the security profile associated with the first party, the second party determining a response to the electronic contract based on prestored security profile-related business rules maintained by the second party.
  - 47. The method of claim 42, wherein the second party to the contract also has a device that generates a digital signature using a respective private key of a respective public key/private key pair associated with the second party, wherein the second patty'"'"'s public key is stored in the third party database in association with an identifier associated with the second party;
    - and wherein the steps of authenticating a digital signature is carried out by the third party with respect to electronic communications from the second party to the first party.

48. A method of forming a contract wherein information relating to the contract is transmitted as an electronic contract document from a sender to a receiver as an electronic communication, comprising:
- (a) exchanging information between the sender and the receiver, wherein the sender provides to the receiver information corresponding to the sender and the receiver provides to the sender information corresponding to the receiver, the exchanged information including at least an identifier and a public key of a public key/private key pair associated with the respective party;
  
  (b) the sender storing the data corresponding to the receiver in an sender database and the receiver storing the data corresponding to the sender in an receiver database;
  
  (c) the sender digitally signing the electronic contract document using the respective private key to form a digital signature;
  
  (d) the sender transmitting an electronic communication including at least the digital signature and the identifier to the receiver;
  
  (e) in response to receipt of the electronic communication, the receiver utilizing the sender'"'"'s identifier obtained from the electronic communication to retrieve the public key that corresponds to the sender;
  
  (f) authenticating the digital signature in the electronic communication to determine an entity authentication of the sender; and
  
  (g) determining a response to the electronic contract document based on the entity authentication.
- View Dependent Claims (49, 50, 51, 52, 53, 54)
- - 49. The method of claim 48 wherein the step of determining a response to the electronic contract document based on the entity authentication comprises accepting an offer.
  - 50. The method of claim 48, wherein the step of determining a response to the electronic contract document based on the entity authentication comprises rejection an offer.
  - 51. The method of claim 48, wherein digital signature includes a message digest of the electronic contract document.
  - 52. The method of claim 51, wherein the message digest is a hash value of the electronic contract document.
  - 53. The method of claim 48, wherein the step of determining a response to the electronic contract document based on the entity authentication includes accepting an offer such that an electronic acceptance is generated, wherein the acceptance amends terms of the offer.
  - 54. The method of claim 48, wherein the subject matter of the contract document is an offer to buy goods and the step of determining a response to the electronic contract document based on the entity authentication comprises a determination by the receiver of whether financial resources of the sender are sufficient for the transaction.

55. The method of 54, wherein the determination by the receiver of whether financial resources of the sender are sufficient for the transaction comprises reference to account information associated with the sender stored in the receiver database.
- View Dependent Claims (56)
- - 56. The method of claim 55, wherein the account information of the sender includes cash on hand, accounts payable;
    - accounts receivable, payment history with respect to timeliness of payment, and any other information relevant to making a business decision of whether to accept the offer.

57. A method for an electronic contract between contracting parties, wherein subject matter of a contract document is transmitted from a sender to a receiver as a message in an electronic communication, the parties having formed a relationship such that each maintains an account for the other, the account including a database record that includes an identifier of the party and account specific information, comprising the steps of:
- with respect to subject matter relating to the electronic contract, receiving within a device input comprising verification data of the message sender;
  
  identifying within the device a current verification status of the device as a function of the verification data;
  
  generating a digital signature with respect to the subject matter of the electronic contract;
  
  outputting from the device an indicator of the current verification status;
  
  combining at least the digital signature and the verification status indicator into an electronic communication;
  
  sending the electronic communication from the sender to the receiver;
  
  the receiver receiving the electronic communication;
  
  by use of the digital signature, the receiver authenticating the sender of the electronic communication;
  
  by use of the verification status indicator, determining that the sender intended to the subject matter relating to the electronic contract; and
  
  determining a response to the electronic contract based a determination that the sender intended the subject matter of the electronic message.

58. A method for an electronic contract between a first party and a second party, comprising the steps of:
- providing a personalized device for generation of a digital signature with respect to information input thereto;
  
  providing a secure input device securely displaying information relating to the terms of the electronic contract and for generating a digital signature with respect to information input thereto);
  
  displaying information relating to the terms of the electronic contract on a display associated with the secure input device;
  
  communicating a message relating to the electronic contract from the secure input device to the personalized device;
  
  with the personalized device, generating a digital signature with respect to the message provided by the secure input device;
  
  communicating at least the digital signature from the personalized device to the secure input device as a first electronic communication;
  
  at the secure input device, generating a digital signature with respect to the first electronic communication; and
  
  communicating a second electronic communication comprising at least the digital signature with respect to the first electronic communication from the first party to the second party.
- View Dependent Claims (59, 60, 61, 62)
- - 59. The method of claim 58, further comprising the steps of:
    - the second party receiving the second electronic communication;
      
      by use of the digital signature of the first communication, the second party authenticating the first party;
      
      by use of the digital signature of the second communication, determining that the first party intended the subject matter relating to the electronic contract; and
      
      the second party determining a response to the electronic contract based a determination that the first party intended the subject matter of the electronic message.
  - 60. The method of claim 58, wherein the secure input device is further operative for receiving secure entry of verification data.
  - 61. The method of claim 60, wherein the message relating to the electronic contract the message includes verification data securely input into the secure input device.
  - 62. The method of claim 61, wherein the message relating to the electronic contract includes information relating to the terms of the electronic contract.

63. A method for an electronic contract between a first party and a second party, comprising the steps of:
- providing a personalized device for generation of a digital signature with respect to information input thereto;
  
  providing a secure input device for receiving secure entry of verification data and for generating a digital signature with respect to information input thereto;
  
  with respect to subject matter relating to the electronic contract, receiving within the secure input device verification data of the first party;
  
  with the personalized device, generating a digital signature with respect to the subject matter of the electronic contract including the verification data;
  
  communicating at least the digital signature from the personalized device to the secure input device as a first electronic communication;
  
  at the secure input device, generating a digital signature with respect to the first electronic communication;
  
  combining at least the digital signature of the secure input device with the digital signature of the personalized device status to form a second electronic communication; and
  
  communicating the second electronic communication from the first party to the second party.
- View Dependent Claims (64, 65, 66, 67)
- - 64. The method of claim 63, further comprising the steps of:
    - the second party receiving the second electronic communication;
      
      by use of the digital signature of the first communication, the second party authenticating the first party;
      
      by use of the digital signature of the second communication, determining that the first party intended the subject matter relating to the electronic contract; and
      
      the second party determining a response to the electronic contract based a determination that the first party intended the subject matter of the electronic message.
  - 65. The method of claim 63, wheren the secure input device is operative for secure display of information relating to the electronic contract to a user.
  - 66. The method of claim 63, further comprising the step of displaying information relating to the terms of the electronic contract at the secure input device.
  - 67. The method of claim 66, wherein the terms of the electronically displayed at the secure input device are provided as the subject matter of the electronic contract for digital signature by the personalized device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne Mcafree

Granted Patent

US 7,200,749 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Method and system for using electronic communications for an electronic contract

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

281 Citations

67 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for using electronic communications for an electronic contract

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

281 Citations

67 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links