Secure online transactions using a trusted digital identity

US 20070011066A1
Filed: 07/08/2005
Published: 01/11/2007
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium whose contents cause a computing system to:

receive a request from a client to perform a transaction; and

in response to receiving the request;

identify a user requesting the transaction;

identify a key corresponding to the user'"'"'s authenticating device;

generate a secret for the transaction, the secret being good for committing the transaction;

create a bundle of transaction data for the transaction, the bundle comprising the secret, the bundle comprising a indication that the secret is not to be displayed on the client'"'"'s screen;

encrypt the bundle of transaction data using the identified key; and

transmit the encrypted bundle of transaction data to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for conducting secure online transactions are provided. Some techniques utilize a trusted, secure device that is distributed to a human user, and which only the user can access, a device reader, and a one-time secret valid only to authenticate a single transaction to improve on the traditional transaction model by isolating elements of the transaction with the user on the user'"'"'s trusted, secure device. Isolating elements of the transaction on the trusted, secure device facilitates a secure transaction on an untrusted machine and over an untrusted network.

Citations

20 Claims

1. A computer-readable medium whose contents cause a computing system to:
- receive a request from a client to perform a transaction; and
  
  in response to receiving the request;
  
  identify a user requesting the transaction;
  
  identify a key corresponding to the user'"'"'s authenticating device;
  
  generate a secret for the transaction, the secret being good for committing the transaction;
  
  create a bundle of transaction data for the transaction, the bundle comprising the secret, the bundle comprising a indication that the secret is not to be displayed on the client'"'"'s screen;
  
  encrypt the bundle of transaction data using the identified key; and
  
  transmit the encrypted bundle of transaction data to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein the encrypted bundle of transaction data is transmitted to the client as part of a transaction verification request.
  - 3. The computer-readable medium of claim 1, wherein the transaction is an online banking transaction.
  - 4. The computer-readable medium of claim 1, wherein the transaction is an online trading transaction.
  - 5. The computer-readable medium of claim 1, wherein the transaction is an electronic purchase transaction.
  - 6. The computer-readable medium of claim 1 further comprising contents that cause the computing system to:
    - receive from the client a user-entered string;
      
      identify the transaction corresponding to the user-entered string;
      
      compare the user-entered string with the secret corresponding to the identified transaction; and
      
      in response to the user-entered string matching the secret corresponding to the identified transaction, commit the identified transaction; and
      
      in response to the user-entered string not matching the secret corresponding to the identified transaction, abort the identified transaction.
  - 7. The computer-readable medium of claim 6 further comprising contents that cause the computing system to:
    - in response to committing the identified transaction;
      
      create a transaction receipt for the committed transaction;
      
      encrypt the transaction receipt using a key corresponding to the user'"'"'s authenticating device; and
      
      transmit the encrypted transaction receipt to the client.

8. A method in a first computing system for requesting a transaction on a second computing system, the first computing system having a coupled authenticating device reader, the method comprising:
- receiving a request to perform a transaction on the second computing system, the request input by a user of the first computing system; and
  
  transmitting the request to the second computing system, and in response to transmitting the request to the second computing system;
  
  receiving from the second computing system a request to verify the transaction, the request to verify the transaction comprising an encrypted secret to verify the transaction; and
  
  forwarding the encrypted secret to the coupled authenticating device reader, such that the encrypted secret is decrypted by the coupled authenticating device reader using a key included in an authenticating device, the decrypted secret is output on an output device of the authenticating device reader, the decrypted secret is not provided back to the first computing system.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The method of claim 8, wherein the output device of the authenticating device reader is a screen.
  - 10. The method of claim 8, wherein the output device of the authenticating device reader is an audio device.
  - 11. The method of claim 8, wherein the authenticating device is received out-of-band by the user from a provider of the second computing system.
  - 12. The method of claim 11, wherein the provider of the second computing system is an online merchant.
  - 13. The method of claim 8, wherein the transaction is an online transaction.
  - 14. The method of claim 8, wherein the authenticating device is a smart card.
  - 15. The method of claim 8, wherein the authenticating device is a secure token.
  - 16. The method of claim 8, wherein the authenticating device uses biometrics.
  - 17. The method of claim 8 further comprising:
    - receiving from a user an input string; and
      
      transmitting the input string to the second computing device.
  - 18. The method of claim 17 further comprising, prior to transmitting the input string, encrypting the input string and transmitting the encrypted input string to the second computing device.
  - 19. The method of claim 17 further comprising:
    - receiving from the second computing device an encrypted transaction receipt; and
      
      forwarding the encrypted transaction receipt to the coupled authenticating device reader, such that the encrypted transaction receipt is decrypted by the coupled authenticating device reader using the key included in the authenticating device, the decrypted transaction receipt is output on the output device of the authenticating device reader.

20. One or more data signals that collectively convey a transaction verification request to verify a transaction, the transaction verification request comprising encrypted contents, the encrypted contents comprising a secret for verifying the transaction, such that the encrypted contents are decrypted by an authenticating device reader using a key included in an authenticating device accessible by the authenticating device reader, wherein the decrypted secret is output only to an output device of the authenticating device reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David

Granted Patent

US 9,213,992 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/35
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 20/40145   Biometric identity checks

G06Q 20/409   Device specific authenticat...

G06Q 2220/00   Business processing using c...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/04   Trading; Exchange, e.g. sto...

Secure online transactions using a trusted digital identity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure online transactions using a trusted digital identity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links