Consumer-driven secure sockets layer modulator

US 20070291936A1
Filed: 02/12/2007
Published: 12/20/2007
Est. Priority Date: 02/10/2006
Status: Active Grant

First Claim

Patent Images

1. A client computer based method for executing secure electronic transactions over a communications network, the method comprising:

querying an exclusion list with a domain name associated with a transaction site to determine if a security of the transaction site needs verification; and

if the transaction site is not on the exclusion list, initiating the verification by querying an allowed list with the domain name to determine if the transaction site is allowed to continue the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software system and method for executing secure commercial transactions online is disclosed. The system intercepts and verifies, against consumer provided inputs, Secure Socket Layer (SSL) communications from normal Web browser usage. The system can include a software module loaded onto the consumer'"'"'s client computer, and which uses independently-derived look-ups to associate a web domain name with its SSL public key to verify that a given web session is appropriately encrypted.

22 Citations

View as Search Results

20 Claims

1. A client computer based method for executing secure electronic transactions over a communications network, the method comprising:
- querying an exclusion list with a domain name associated with a transaction site to determine if a security of the transaction site needs verification; and
  
  if the transaction site is not on the exclusion list, initiating the verification by querying an allowed list with the domain name to determine if the transaction site is allowed to continue the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method in accordance with claim 1, further comprising, if the transaction site is on the allowed list, retrieving an encryption key for the transaction site from a known public key list.
  - 3. A method in accordance with claim 2, further comprising determining if the encryption key received from the transaction site matches a public key from the known public key list.
  - 4. A method in accordance with claim 3, if the encryption key received from the transaction site does not match the public key from the known public key list, generating a notification of a potential issue for a user.
  - 5. A method in accordance with claim 3, if the encryption key received from the transaction site matches the public key from the known public key list, continuing the transaction with the transaction site.
  - 6. A method in accordance with claim 5, further comprising updating the exclusion list with a domain name associated with the transaction site.
  - 7. A method in accordance with claim 1, wherein querying an exclusion list with a domain name of a transaction site further includes comparing the domain name associated with the transaction site with a list of domain names in the exclusion list.
  - 8. A method in accordance with claim 1, wherein querying an allowed list with the domain name further includes comparing the domain name associated with the transaction site with a list of domain names in the allowed list.

9. A client computer based method for executing secure electronic transactions over a communications network, the method comprising:
- intercepting secure socket layer (SSL) communications with a transaction site on a server; and
  
  verifying that a web session associated with the SSL communications is appropriately encrypted, by associating, against user-provided inputs, a domain name of the transaction site with its SSL public key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A method in accordance with claim 9, wherein the user-provided inputs includes an exclusion list of domain names of transaction sites that are excluded from the association of the domain name of the transaction site with its SSL public key.
  - 11. A method in accordance with claim 9, wherein the user-provided inputs includes an allowed list of domain names of transaction sites for which transactions with the client computer are allowed by the user.
  - 12. A method in accordance with claim 10, wherein verifying that the web session associated with the SSL communications further includes comparing the domain name of the transaction site with domain names in the excluded list.
  - 13. A method in accordance with claim 12, wherein verifying that the web session associated with the SSL communications further includes comparing the domain name of the transaction site with domain names in the allowed list.
  - 14. A method in accordance with claim 9, further comprising, if the web session is not verified as appropriately encrypted, generating a notification for the user.
  - 15. A method in accordance with claim 9, wherein verifying that the web session associated with the SSL communications further comprises comparing the SSL public key of the transaction site with a known public key list.
  - 16. A method in accordance with claim 15, further comprising determining if the SSL public key of the transaction site matches an encryption key in the known public key list.

17. A client system for executing secure electronic transactions over a communications network, the system comprising:
- a secure transaction module configured to intercept secure socket layer (SSL) communications from a transaction site on a server, and verify that a web session associated with the SSL communications is appropriately encrypted, by associating, against user-provided inputs, a domain name of the transaction site with its SSL public key.
- View Dependent Claims (18, 19, 20)
- - 18. A system in accordance with claim 17, further comprising a domain name table accessible by the secure transaction module and having a list of domain names that are excluded from the associating of the domain name of the transaction site with its SSL public key.
  - 19. A system in accordance with claim 18, wherein the domain name table further has a list of domain names for which transactions are allowed.
  - 20. A system in accordance with claim 17, further comprising a public key table accessible by the secure transaction module and having a list of known public encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fair Isaac Corporation
Original Assignee
Fair Isaac Corporation
Inventors
Martin, Ronald, Crawford, Stuart, Milana, Joseph

Granted Patent

US 9,438,570 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

G06Q 20/38   Payment protocols; Details ...

G06Q 20/382   insuring higher security of...

G07F 7/084   Additional components relat...

H04L 63/0442   wherein the sending and rec...

H04L 63/166   at the transport layer

Consumer-driven secure sockets layer modulator

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Consumer-driven secure sockets layer modulator

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links