Method for electronic commerce using security token and apparatus thereof

US 20050097060A1
Filed: 06/07/2004
Published: 05/05/2005
Est. Priority Date: 11/04/2003
Status: Abandoned Application

First Claim

Patent Images

1. An electronic commerce method using a security token comprising:

a transaction approval institution generating a security token based on a security assertion markup language (SAML), using credit information of a purchaser who requests to issue a security token, and transmitting the security token to the purchaser;

the purchaser writing an electronic signature on an order and transmitting the order together with the security token to a seller;

the seller verifying the received order and security token, and then delivering goods according to the order to the purchaser; and

the transaction approval institution performing payment for the seller and the purchaser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for electronic commerce using a security token and an apparatus thereof are provided. The electronic commerce method using a security token comprises a transaction approval institution generating a security token based on a security assertion markup language (SAML), using credit information of a purchaser who requests to issue a security token, and transmitting the security token to the purchaser; the purchaser writing an electronic signature on an order and transmitting the order together with the security token to a seller; the seller verifying the received order and security token, and then delivering goods according to the order to the purchaser; and the transaction approval institution performing payment for the seller and the purchaser. The method can solve the problems of personal information leakage and privacy infringement that may happen when a purchaser sends his personal information to a seller for electronic commerce. Since the token is one-time-use data, even if a security token sent is counterfeited or stolen, the loss can be minimized. In addition, by writing an extensible markup language (XML) electronic signature in the security token, authentication, integrity, and non-repudiation for a transmitted message can be guaranteed and through simple object access protocol (SOAP) security technology, confidentiality is maintained.

121 Citations

11 Claims

1. An electronic commerce method using a security token comprising:
- a transaction approval institution generating a security token based on a security assertion markup language (SAML), using credit information of a purchaser who requests to issue a security token, and transmitting the security token to the purchaser;
  
  the purchaser writing an electronic signature on an order and transmitting the order together with the security token to a seller;
  
  the seller verifying the received order and security token, and then delivering goods according to the order to the purchaser; and
  
  the transaction approval institution performing payment for the seller and the purchaser.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the generating and transmitting a security token comprises:
    - based on the SAML, generating the security token by processing the purchaser information as an entity in the form of assertion;
      
      writing an electronic signature in the security token; and
      
      transmitting the electronically signed security token as a part of POST payload to the purchaser.
  - 3. The method of claim 1, wherein the security token is for one-time-use.
  - 4. The method of claim 2, wherein the writing an electronic signature comprises:
    - writing an electronic signature in the security token by encrypting a result value, which is obtained by performing message digestion, based on a private key of the transaction approval institution.
  - 5. The method of claim 1, wherein the verifying the order and security order and delivering goods comprises:
    - obtaining a public key of the transaction approval institution from the transaction approval institution;
      
      decrypting the electronic signature based on the public key; and
      
      comparing a first message digest value that is the result of the decryption with a second message digest value that is the result of performing message digestion for the electronic token, and if the first and second message digest values are identical, processing the order according to the purchaser'"'"'s credit information in the security token.

6. A security token generation system comprising:
- a customer information storage unit which stores customer information;
  
  a security token generation unit which if a security token generation request signal is input, searches the customer information storage unit and performs authentication and then outputs a one-time-use security token; and
  
  an electronic signature unit which receives the security token, writes an electronic signature, and outputs the security token to the customer requesting to issue the security token.
- View Dependent Claims (7, 8)
- - 7. The security token generation system of claim 6, wherein the security token generation unit generates the security token by processing the customer information as an entity in the form of assertion based on the SAML.
  - 8. The security token generation system of claim 6, wherein the electronic signature unit receives the electronic token, performs message digestion, encrypts the result with a private key of the security token generation system, and outputs the encrypted electronic token.

9. An electronic token generation method of an electronic transaction approval institution based on credit information of a purchaser comprising:
- generating a one-time-use security token based on an XML;
  
  writing an electronic signature in the security token; and
  
  encrypting the electronically signed security token as a part of POST payload and transmitting to the purchaser.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein in the generating a one-time-use security token, the credit information is processed in the form of assertion based on SAML.
  - 11. The method of claim 9, wherein the writing an electronic signature comprises:
    - writing an electronic signature in the security token by encrypting a result value, which is obtained by performing message digestion, based on a private key of the transaction approval institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Lee, Joo Young, Park, Chee Hang, Sohn, Sung Won, Moon, Ki Young

Application Number

US10/863,735
Publication Number

US 20050097060A1
Time in Patent Office

Days
Field of Search
US Class Current

705/65
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/045   using payment protocols inv...

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/385   using an alias or single-us...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/12   Applying verification of th...

Method for electronic commerce using security token and apparatus thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

121 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for electronic commerce using security token and apparatus thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links