Transaction coordinator for digital certificate validation and other services

US 20070073621A1
Filed: 11/22/2006
Published: 03/29/2007
Est. Priority Date: 09/10/1999
Status: Active Grant

First Claim

Patent Images

1. A microprocessor-based transaction coordinator for facilitating computerized transactions using techniques of public key cryptography, said transaction coordinator comprising:

an interface module adapted to communicate with other entities;

coupled to the interface module, a set of service modules comprising at least one of a digital certificate status check module, a warranty service module, and a payment guarantee module; and

coupled to the interface module, a set of core components comprising at least one of a logging component, a billing component, and a digital signature component.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for facilitating electronic commerce by securely providing certificate-related and other services including certificate validation and warranty. In a preferred embodiment, these services are provided within the context of a four-corner trust model. The four-corner model comprises a buyer, or subscribing customer, and a seller, or relying customer, who engage in an on-line transaction. The buyer is a customer of a first financial institution, or issuing participant. The issuing participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the issuing participant. The seller is a customer of a second financial institution, or relying participant. The relying participant operates a certificate authority and issues the seller a hardware token including a private key and a digital certificate signed by the relying participant. The system also includes a root certificate authority that operates a certificate authority that issues digital certificates to the issuing and relying participants. At the time of a transaction, the buyer creates a hash of the transaction data, signs the hash, and transmits the transaction data, the signature, and its digital certificate to the seller. The seller may then request system services via a connection with its financial institution, the relying participant. The system services may include a certificate status check service and a warranty service. The certificate status check service allows the relying customer to validate the subscribing customer'"'"'s certificate. The warranty service allows the relying customer to receive a collateral-backed warranty that the subscribing customer'"'"'s certificate is valid. Each participant and the root entity is provided with a transaction coordinator for combining services and operations into a single transaction having the qualities of atomicity, consistency, isolation, and durability. The transaction coordinator provides a single consistent interface for certificate-status messages and requests, as well as messages and requests relating to other services.

84 Citations

View as Search Results

29 Claims

1. A microprocessor-based transaction coordinator for facilitating computerized transactions using techniques of public key cryptography, said transaction coordinator comprising:
- an interface module adapted to communicate with other entities;
  
  coupled to the interface module, a set of service modules comprising at least one of a digital certificate status check module, a warranty service module, and a payment guarantee module; and
  
  coupled to the interface module, a set of core components comprising at least one of a logging component, a billing component, and a digital signature component.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The transaction coordinator of claim 1 further comprising atomicity means for ensuring that computerized transactions coordinated by the transaction coordinator exhibit atomicity;
    - wherein;
      
      all actions required to complete a transaction succeed or all said actions fail; and
      
      each transaction is an indivisible unit of work.
  - 3. The apparatus of claim 1 wherein the transaction coordinator is a part of a public key infrastructure, and the transaction coordinator further comprises consistency means for insuring that computerized transactions coordinated by the transaction coordinator exhibit consistency;
    - wherein;
      
      after a transaction is executed, either the public key infrastructure is left in a correct stable state, or else the public key infrastructure returns to a state preceding initiation of the transaction.
  - 4. The transaction coordinator of claim 1 further comprising isolation means for insuring that computerized transactions coordinated by the transaction coordinator exhibit isolation;
    - wherein;
      
      each transaction is unaffected by other transactions executing concurrently.
  - 5. The transaction coordinator of claim 1 further comprising durability means for insuring that computerized transactions coordinated by the transaction coordinator exhibit durability;
    - wherein;
      
      effects of each transaction are permanent after the transaction is performed.
  - 6. The transaction coordinator of claim 1 further comprising a transaction processing monitor.
  - 7. The transaction coordinator of claim 1 further comprising a component transaction monitor.

8. Apparatus for providing a digital certificate status check service via a computer network, said apparatus comprising:
- a root entity;
  
  at least one issuing participant; and
  
  at least one relying participant;
  
  wherein;
  
  each of the root entity, each issuing participant, and each relying participant comprises a transaction coordinator;
  
  coupled to each transaction coordinator is a digital certificate authentication and validation module adapted to check status of digital certificates, to receive online digital certificate status requests from the transaction coordinator, and to transmit online digital certificate status responses to the transaction coordinator; and
  
  coupled to each digital certificate authentication and validation module is a hardware security module.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The apparatus of claim 8, wherein each digital certificate authentication and validation module is adapted to transmit a “
    - revoked”
      
      response regarding a checked digital certificate when the checked digital certificate, or a linked certificate in a certificate chain with the checked digital certificate, has been revoked prior to a particular time.
  - 10. The apparatus of claim 9, wherein each issuing participant is adapted to disclaim liability for documents that have been digitally signed after the particular time.
  - 11. The apparatus of claim 8, wherein each digital certificate authentication and validation module is adapted to transmit a “
    - good”
      
      response regarding a checked digital certificate when the checked digital certificate, and every other certificate in a certificate chain with the checked digital certificate, is in good standing as of a particular time.
  - 12. The apparatus of claim 11, wherein each issuing participant accepts liability for documents that have been digitally signed prior to the particular time using a private key corresponding to the checked digital certificate.
  - 13. The apparatus of claim 8, wherein each digital certificate authentication and validation module is adapted to transmit an “
    - unknown”
      
      response regarding a checked digital certificate when the checked digital certificate, or a certificate in a certificate chain with the checked digital certificate, is not known to be in good standing.
  - 14. The apparatus of claim 13, wherein each issuing participant is adapted to disclaim liability for documents that have been digitally signed using a private key corresponding to the checked digital certificate.
  - 15. The apparatus of claim 8, wherein each digital certificate authentication and validation module is adapted to store private keys in its corresponding hardware security module.
  - 16. The apparatus of claim 8, wherein each digital certificate authentication and validation module meets a set of minimum security requirements established by the root entity.
  - 17. The apparatus of claim 8, wherein at least one digital certificate authentication and validation module is an online certificate status protocol responder.
  - 18. The apparatus of claim 8, wherein at least one digital certificate authentication and validation module uses eXtensible Markup Language.

19. A computer-implemented method for providing a digital certificate status check service via a computer network, said method comprising the steps of:
- providing a root entity, at least one issuing participant, and at least one relying participant; and
  
  providing each of the root entity, each issuing participant, and each relying participant with a microprocessor-based transaction coordinator;
  
  coupling to each transaction coordinator a digital certificate authentication and validation module to check status of digital certificates, to receive online certificate status requests from the transaction coordinator, and to transmit online certificate status responses to the transaction coordinator; and
  
  coupling to each digital certificate authentication and validation module a hardware security module.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. The method of claim 19, wherein a digital certificate authentication and validation module transmits a “
    - revoked”
      
      response regarding a checked digital certificate when the checked digital certificate, or a certificate in a certificate chain with the checked digital certificate, has been revoked prior to a particular time.
  - 21. The method of claim 20, wherein each issuing participant disclaims liability for documents that have been digitally signed after the particular time.
  - 22. The method of claim 19, wherein a digital certificate authentication and validation module transmits a “
    - good”
      
      response regarding a checked digital certificate when the checked digital certificate, and every other certificate in a certificate chain with the checked digital certificate, is in good standing as of a particular time.
  - 23. The method of claim 22, wherein each issuing participant accepts liability for documents that have been digitally signed prior to the particular time using a private key corresponding to the checked digital certificate.
  - 24. The method of claim 19, wherein a digital certificate authentication and validation module transmits an “
    - unknown”
      
      response regarding a checked digital certificate when the checked digital certificate, or a certificate in a certificate chain with the checked digital certificate, is not known to be in good standing.
  - 25. The method of claim 24, wherein each issuing participant disclaims liability for documents that have been digitally signed using a private key corresponding to the checked digital certificate.
  - 26. The method of claim 19, wherein each digital certificate authentication and validation module stores private keys in its corresponding hardware security module.
  - 27. The method of claim 19, wherein each digital certificate authentication and validation module meets a set of minimum security requirements established by the root entity.
  - 28. The method of claim 19, wherein at least one digital certificate authentication and validation module is an online certificate status protocol responder.
  - 29. The method of claim 19, wherein at least one digital certificate authentication and validation module uses eXtensible Markup Language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles Dulin, David Solo, Larry Nepomuceno, Mack Hicks, Mark Stirland
Original Assignee
Charles Dulin, David Solo, Larry Nepomuceno, Mack Hicks, Mark Stirland
Inventors
Dulin, Charles, Stirland, Mark, Solo, David, Hicks, Mack, Nepomuceno, Larry

Granted Patent

US 8,818,903 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 9/3265   using certificate chains, t...

Transaction coordinator for digital certificate validation and other services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction coordinator for digital certificate validation and other services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links