Method and system for using electronic communications for an electronic contract
First Claim
1. A method for use in a transaction involving an electronic contract, comprising the steps of:
- a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
storing the public key of the public key/private key pair of the first party in a database in association with an identifier and other information associated with the first party;
storing a security profile associated with the device in a database;
the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising an identifier associated with the first party, the digital signature, and a verification status indicator;
in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;
in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the predetermined information relating to the electronic contract based on prestored security profile-related business rules maintained by the second party; and
in response to the verification status indicator in the electronic communication, the second party determining a response to the predetermined information relating to the electronic contract based on prestored verification status-related business rules maintained by the second party.
8 Assignments
0 Petitions
Accused Products
Abstract
A method and system for digitally signing an electronic contract document. An electronic communication contains an identifier, a message, which includes the document, and a digital signature generated with a private key of an asymmetric key pair (247). The identifier may be used to retrieve a corresponding public key (287) and account information pertaining to the sender of the message. The public key may be used to authenticate the sender and the message. A device containing the private key may be used to protect the privacy thereof. The device may also generate a verification status indicator corresponding to verification data input into the device. The indicator may also be used as evidence that the sender of a contract document performed an overt act in causing the electronic communication to be digitally signed. A security profile linked to the public key in a secure database indicates security characteristics of the device.
281 Citations
67 Claims
-
1. A method for use in a transaction involving an electronic contract, comprising the steps of:
-
a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
storing the public key of the public key/private key pair of the first party in a database in association with an identifier and other information associated with the first party;
storing a security profile associated with the device in a database;
the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising an identifier associated with the first party, the digital signature, and a verification status indicator;
in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;
in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the predetermined information relating to the electronic contract based on prestored security profile-related business rules maintained by the second party; and
in response to the verification status indicator in the electronic communication, the second party determining a response to the predetermined information relating to the electronic contract based on prestored verification status-related business rules maintained by the second party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for use in a transaction involving an electronic contract, comprising the steps of:
-
storing a security profile associated with the public key of a public key/private key pair of a first party to the contract in a database;
the first party to the contract generating a digital signature relating to the electronic contract;
the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising the digital signature and a verification status indicator;
in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database;
in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the electronic contract based on prestored security profile-related business rules maintained by the second party; and
in response to the verification status indicator in the electronic communication, the second party determining a response to the electronic contract based on prestored verification status-related business rules maintained by the second party. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for use in a transaction relating to an electronic contract, comprising the steps of:
-
receiving input comprising verification data of a first party to the transaction;
identifying within a device that generates digital signatures a current verification status out of a plurality of predefined verification statuses of the device as a function of the verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device;
independent of the verification status identified, generating a digital signature for a message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status;
outputting from the device the digital signature for transmission with an electronic communication relating to the electronic contract to a second party to the transaction;
upon receipt of the electronic communication by the second party, the second party authenticating the digital signature; and
in response to the identified verification status, the second party determining a response to the electronic contract. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
-
28. A method for use in a transaction involving an electronic contract, comprising the steps of:
-
a first party to the contract having a device that generates a digital signature using a private key of a public key/private key pair;
storing a security profile associated with the device in a database;
the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
the first party communicating an electronic communication to a second party to the contract, the electronic communication comprising at least the digital signature;
in response to receipt of the electronic communication, the second party authenticating the digital signature with the public key associated with the first party;
in response to authenticating the digital signature, the second party communicating a request for a security profile associated with the first party to the security profile database; and
in response to receipt of the security profile associated with the first party from the secure entity, the second party determining a response to the electronic contract based on prestored security profile-related business rules maintained by the second party. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A method for use in a transaction involving an electronic contract, comprising the steps of:
-
at least a first party to the contract having a device that generates a digital signature using a respective private key of a respective public key/private key pair associated with the first party;
storing the first party'"'"'s public key in a third party database in association with an identifier associated with the first party;
the first party to the contract using the device to generate a digital signature with respect to predetermined information relating to the electronic contract;
the first party communicating a first electronic communication to a second party to the contract, the electronic communication comprising at least an identifier associated with the first party and the digital signature;
in response to receipt of the electronic communication, the second party transmitting a second electronic communication to the third party, the second electronic communication comprising at least the identifier and the digital signature form the first electronic communication;
in response to receipt of the second electronic communication, the third party authenticating the digital signature with the public key associated with the first party to determine an entity authentication of the first party;
the third party transmitting a third electronic communication indicating the entity authentication to the second party; and
in response to receipt of the third electronic communication indicating the entity authentication of the first party, the second party determining a response to the electronic contract. - View Dependent Claims (43, 44, 45, 46, 47)
-
-
48. A method of forming a contract wherein information relating to the contract is transmitted as an electronic contract document from a sender to a receiver as an electronic communication, comprising:
-
(a) exchanging information between the sender and the receiver, wherein the sender provides to the receiver information corresponding to the sender and the receiver provides to the sender information corresponding to the receiver, the exchanged information including at least an identifier and a public key of a public key/private key pair associated with the respective party;
(b) the sender storing the data corresponding to the receiver in an sender database and the receiver storing the data corresponding to the sender in an receiver database;
(c) the sender digitally signing the electronic contract document using the respective private key to form a digital signature;
(d) the sender transmitting an electronic communication including at least the digital signature and the identifier to the receiver;
(e) in response to receipt of the electronic communication, the receiver utilizing the sender'"'"'s identifier obtained from the electronic communication to retrieve the public key that corresponds to the sender;
(f) authenticating the digital signature in the electronic communication to determine an entity authentication of the sender; and
(g) determining a response to the electronic contract document based on the entity authentication. - View Dependent Claims (49, 50, 51, 52, 53, 54)
-
- 55. The method of 54, wherein the determination by the receiver of whether financial resources of the sender are sufficient for the transaction comprises reference to account information associated with the sender stored in the receiver database.
-
57. A method for an electronic contract between contracting parties, wherein subject matter of a contract document is transmitted from a sender to a receiver as a message in an electronic communication, the parties having formed a relationship such that each maintains an account for the other, the account including a database record that includes an identifier of the party and account specific information, comprising the steps of:
-
with respect to subject matter relating to the electronic contract, receiving within a device input comprising verification data of the message sender;
identifying within the device a current verification status of the device as a function of the verification data;
generating a digital signature with respect to the subject matter of the electronic contract;
outputting from the device an indicator of the current verification status;
combining at least the digital signature and the verification status indicator into an electronic communication;
sending the electronic communication from the sender to the receiver;
the receiver receiving the electronic communication;
by use of the digital signature, the receiver authenticating the sender of the electronic communication;
by use of the verification status indicator, determining that the sender intended to the subject matter relating to the electronic contract; and
determining a response to the electronic contract based a determination that the sender intended the subject matter of the electronic message.
-
-
58. A method for an electronic contract between a first party and a second party, comprising the steps of:
-
providing a personalized device for generation of a digital signature with respect to information input thereto;
providing a secure input device securely displaying information relating to the terms of the electronic contract and for generating a digital signature with respect to information input thereto);
displaying information relating to the terms of the electronic contract on a display associated with the secure input device;
communicating a message relating to the electronic contract from the secure input device to the personalized device;
with the personalized device, generating a digital signature with respect to the message provided by the secure input device;
communicating at least the digital signature from the personalized device to the secure input device as a first electronic communication;
at the secure input device, generating a digital signature with respect to the first electronic communication; and
communicating a second electronic communication comprising at least the digital signature with respect to the first electronic communication from the first party to the second party. - View Dependent Claims (59, 60, 61, 62)
-
-
63. A method for an electronic contract between a first party and a second party, comprising the steps of:
-
providing a personalized device for generation of a digital signature with respect to information input thereto;
providing a secure input device for receiving secure entry of verification data and for generating a digital signature with respect to information input thereto;
with respect to subject matter relating to the electronic contract, receiving within the secure input device verification data of the first party;
with the personalized device, generating a digital signature with respect to the subject matter of the electronic contract including the verification data;
communicating at least the digital signature from the personalized device to the secure input device as a first electronic communication;
at the secure input device, generating a digital signature with respect to the first electronic communication;
combining at least the digital signature of the secure input device with the digital signature of the personalized device status to form a second electronic communication; and
communicating the second electronic communication from the first party to the second party. - View Dependent Claims (64, 65, 66, 67)
-
Specification