Method and System for Performing a Transaction and for Performing a Verification of Legitimate Access to, or Use of Digital Data
Abstract
A method for performing an electronic transaction is disclosed. The method provides authentication data and authentication software to an electronic device, preferably stored in a secure storage location or another location inaccessible to the user or the operating system of the device. When digital data is requested from a transaction party that requests a digital signature, the authentication software is activated to generate said digital signature from the authentication data. Next, the digital signature is provided to the other transaction party, which then provides the requested digital data. The digital signature may be embedded in the requested and provided digital data. Further, a method for performing a verification of legitimate use of digital data is disclosed. Digital data digitally signed according to the present invention may only be accessed if the embedded digital signature is identical to a digital signature regenerated by the authentication software using the user-inaccessible authentication data installed on the device. If the embedded and regenerated digital signatures are not identical, the data may not be accessed and an error signal is generated.
31 Claims
1. Method for performing an electronic transaction between a first transaction party and a second transaction party using an electronic device operated by the first transaction party, the method comprising:
providing authentication data in a memory of said electronic device which authentication data are inaccessible to a user of said electronic device;
providing authentication software in said electronic device, the authentication data being accessible to said authentication software;
activating the authentication software to generate a digital signature from the authentication data;
providing the digital signature to the second transaction party.
9. Method for performing a verification of legitimate use of digital data on an electronic device, the method comprising:
providing authentication data in a memory of said electronic device which authentication data are inaccessible to a user of the electronic device;
providing authentication software in said electronic device, the authentication data being accessible to said authentication software;
activating the authentication software to regenerate a digital signature from the authentication data;
providing the digital signature to the authentication software by an application accessing digital data having a digital signature embedded therein; and
comparing the regenerated digital signature with the embedded digital signature.
28. Method for encrypting digital data on an electronic device using an encryption key, the method comprising:
gathering session specific data;
hashing said session specific data to obtain reference numbers referring to positions in an authentication table stored in said electronic device;
generating said encryption key from the characters stored in the authentication table at said positions; and
encrypting said digital data using said encryption key.
29. System for performing an electronic transaction between a first transaction party and a second transaction using an electronic device operated by the first transaction party, the system comprising:
means for providing authentication data in a memory of said electronic device which authentication data are inaccessible to a user of the electronic device;
means for providing authentication software in said electronic device, the authentication data being accessible to said authentication software;
means for activating the authentication software to generate a digital signature from the authentication data;
means for providing the digital signature to the second transaction party; and
means for providing digital data from the second transaction party to the first transaction party.
30. System for performing a verification of legitimate use of digital data on an electronic device, the system comprising:
means for providing authentication data in a memory of said electronic device which authentication data are inaccessible to a user of the electronic device;
means for providing authentication software in said electronic device, the authentication data being accessible to said authentication software;
means for activating the authentication software to generate a digital signature from the authentication data;
means for providing the digital signature to the authentication software by an application accessing digital data having a digital signature embedded therein; and
means for comparing the regenerated digital signature with the embedded digital signature.
31. System for encrypting digital data using an encryption key, the system comprising:
means for providing authentication data in a memory of said electronic device which authentication data are inaccessible to a user of the electronic device;
means for providing authentication software in said electronic device, the authentication data being accessible to said authentication software;
means for activating the authentication software to generate a digital signature from the authentication data;
means for gathering session specific data;
means for hashing said session specific data to obtain reference numbers referring to positions in an authentication table stored in said electronic device;
means for generating said encryption key from the characters stored in the authorization table at said positions; and
means for encrypting said digital data using said encryption key.
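The table-indexed key derivation recited in claims 28 and 31, combined with the regenerate-and-compare check of claim 9, as an added Python example that is not code from the patent. Assumptions not found in the claims: SHAKE-256 and SHA-256 as the hashes, HMAC-SHA256 over the data as the "digital signature", a different table per device, the derived key used as the signing key rather than fed to a cipher, and all function names, table contents and session strings, which are constructed.

```python
import hashlib
import hmac

# Constructed stand-in for the authentication table (4096 bytes). In the claims
# it sits in device memory that the user cannot read.
AUTH_TABLE = hashlib.shake_256(b"constructed demo table").digest(4096)


def table_positions(session_data: bytes, table_len: int, count: int = 32) -> list[int]:
    """Hash the session data into `count` reference numbers (table positions)."""
    # Assumption: SHAKE-256 as the hash; 4 bytes per position keeps the
    # modulo bias negligible for a table of this size.
    stream = hashlib.shake_256(session_data).digest(4 * count)
    return [int.from_bytes(stream[i:i + 4], "big") % table_len
            for i in range(0, len(stream), 4)]


def derive_key(session_data: bytes, table: bytes = AUTH_TABLE) -> bytes:
    """Generate the key from the table characters at the hashed positions."""
    picked = bytes(table[p] for p in table_positions(session_data, len(table)))
    # Assumption: the picked characters are condensed to 32 bytes with SHA-256.
    return hashlib.sha256(picked).digest()


def sign(data: bytes, session_data: bytes, table: bytes = AUTH_TABLE) -> bytes:
    """Assumed signature: HMAC-SHA256 of the data under the derived key."""
    return hmac.new(derive_key(session_data, table), data, hashlib.sha256).digest()


def verify(data: bytes, embedded: bytes, session_data: bytes,
           table: bytes = AUTH_TABLE) -> bool:
    """Regenerate the signature on the device and compare it with the embedded one."""
    regenerated = sign(data, session_data, table)
    return hmac.compare_digest(regenerated, embedded)  # constant-time compare


if __name__ == "__main__":
    session = b"device=demo-01|session=0001"      # constructed session data
    content = b"licensed content bytes"           # constructed digital data
    sig = sign(content, session)                  # embedded at delivery time
    other_table = hashlib.shake_256(b"another device").digest(4096)
    print("same device, intact data:", verify(content, sig, session))
    print("tampered data:           ", verify(content + b"!", sig, session))
    print("copied to other device:  ", verify(content, sig, session, other_table))
```

Because verification works by regenerating the same value, the scheme is symmetric: any party able to read the table can produce valid signatures, which is why the claims require the authentication data to be inaccessible to the user.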
Specification