Secure online transactions using a trusted digital identity
Abstract
Techniques for conducting secure online transactions are provided. Some techniques utilize a trusted, secure device that is distributed to a human user, and which only the user can access, a device reader, and a one-time secret valid only to authenticate a single transaction to improve on the traditional transaction model by isolating elements of the transaction with the user on the user's trusted, secure device. Isolating elements of the transaction on the trusted, secure device facilitates a secure transaction on an untrusted machine and over an untrusted network.
20 Claims
1. A computer-readable medium whose contents cause a computing system to:
receive a request from a client to perform a transaction; and
in response to receiving the request;
identify a user requesting the transaction;
identify a key corresponding to the user's authenticating device;
generate a secret for the transaction, the secret being good for committing the transaction;
create a bundle of transaction data for the transaction, the bundle comprising the secret, the bundle comprising an indication that the secret is not to be displayed on the client's screen;
encrypt the bundle of transaction data using the identified key; and
transmit the encrypted bundle of transaction data to the client.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method in a first computing system for requesting a transaction on a second computing system, the first computing system having a coupled authenticating device reader, the method comprising:
receiving a request to perform a transaction on the second computing system, the request input by a user of the first computing system; and
transmitting the request to the second computing system, and in response to transmitting the request to the second computing system;
receiving from the second computing system a request to verify the transaction, the request to verify the transaction comprising an encrypted secret to verify the transaction; and
forwarding the encrypted secret to the coupled authenticating device reader, such that the encrypted secret is decrypted by the coupled authenticating device reader using a key included in an authenticating device, the decrypted secret is output on an output device of the authenticating device reader, the decrypted secret is not provided back to the first computing system.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. One or more data signals that collectively convey a transaction verification request to verify a transaction, the transaction verification request comprising encrypted contents, the encrypted contents comprising a secret for verifying the transaction,
such that the encrypted contents are decrypted by an authenticating device reader using a key included in an authenticating device accessible by the authenticating device reader, wherein the decrypted secret is output only to an output device of the authenticating device reader.
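
The flow recited in claims 1 and 8, sketched as an added Python example that is not code from the patent: the server seals a one-time secret under the key of the user's authenticating device, the untrusted client only relays the opaque bundle, and the reader decrypts it and shows the secret on its own display. The class and field names, the 8-digit secret, showing the transaction details on the reader, and the HMAC-based `seal`/`unseal` (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are assumptions.

```python
import hmac, json, secrets

def _subkeys(device_key):  # separate encryption and MAC keys derived from the device key
    return hmac.digest(device_key, b"enc", "sha256"), hmac.digest(device_key, b"mac", "sha256")

def _xor(key, nonce, data):  # stand-in cipher (assumption): HMAC-SHA256 counter-mode keystream
    ks = b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(device_key, plaintext):  # encrypt-then-MAC: nonce || ciphertext || tag
    ek, mk = _subkeys(device_key)
    nonce = secrets.token_bytes(16)
    ct = _xor(ek, nonce, plaintext)
    return nonce + ct + hmac.digest(mk, nonce + ct, "sha256")

def unseal(device_key, blob):  # reject anything modified in transit or sealed under another key
    ek, mk = _subkeys(device_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mk, nonce + ct, "sha256")):
        raise ValueError("bundle failed authentication")
    return _xor(ek, nonce, ct)

class Server:  # the computing system of claim 1
    def __init__(self, device_keys):
        self.device_keys = device_keys  # user -> key of that user's authenticating device
        self.pending = {}               # transaction id -> one-time secret

    def request(self, user, details):
        txid, secret = secrets.token_hex(8), f"{secrets.randbelow(10**8):08d}"
        self.pending[txid] = secret
        bundle = {"txid": txid, "details": details, "secret": secret,
                  "display_on_client": False}  # claim 1's do-not-display indication
        return txid, seal(self.device_keys[user], json.dumps(bundle).encode())

    def commit(self, txid, secret):
        expected = self.pending.pop(txid, None)  # one-time: consumed on the first attempt
        return expected is not None and hmac.compare_digest(expected, secret)

class Reader:  # authenticating device reader of claim 8, holding the device key
    def __init__(self, device_key):
        self.device_key, self.display = device_key, []

    def verify(self, blob):
        bundle = json.loads(unseal(self.device_key, blob))
        self.display.append(f"{bundle['details']} | code {bundle['secret']}")  # reader's own screen
        return None  # the decrypted secret is never handed back to the client
```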
Specification