CERTIFIED DEPLOYMENT OF APPLICATIONS ON TERMINALS

US 20080065550A1
Filed: 11/13/2007
Published: 03/13/2008
Est. Priority Date: 10/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. At a terminal key management server, a method for electronically certifying an application for installation at a transaction terminal, the method comprising:

an act of receiving one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;

an act of receiving an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;

an act of comparing the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment, if the application complies with the one or more transaction terminal constraints, an act of issuing a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;

an act of digitally signing the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;

an act of encrypting the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and

an act of making the digitally signed certificate and the encrypted application available to the transaction terminal.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention relate to secure deployment of software applications on transaction terminals using keys and certificates. In one embodiment, a method for electronically certifying an application for installation at a transaction terminal is accomplished at a terminal key management server by receiving an application along with a request to certify the application, comparing the application to one or more terminal constraints, issuing a certificate that corresponds to the application, digitally signing the certificate, and making the digitally signed certificate and the encrypted application available to the transaction terminal. In another embodiment, a method for validating a certified application for installation on the transaction terminal is accomplished by receiving a notification, downloading an encrypted version of the application, downloading a digitally signed certificate, decrypting the application, verifying the digital signature of the certificate, and installing the application on the transaction terminal.

Citations

20 Claims

1. At a terminal key management server, a method for electronically certifying an application for installation at a transaction terminal, the method comprising:
- an act of receiving one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
  
  an act of receiving an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;
  
  an act of comparing the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment, if the application complies with the one or more transaction terminal constraints, an act of issuing a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;
  
  an act of digitally signing the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
  
  an act of encrypting the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and
  
  an act of making the digitally signed certificate and the encrypted application available to the transaction terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20)
- - 2. The method as recited in claim 1, wherein the one or more transaction terminal constraints are configurable by the owner of the transaction terminal.
  - 3. The method as recited in claim 1, wherein the one or more transaction terminal constraints are negotiated between the owner of the transaction terminal and the owner of the application.
  - 4. The method as recited in claim 1, wherein the one or more transaction terminal constraints specify the maximum amount of terminal hardware and software resources that the application can utilize.
  - 5. The method as recited in claim 1, wherein the one or more transaction terminal constraints specify the security priority of the application.
  - 6. The method as recited in claim 1, wherein the certificate contains information about each of the one or more terminal constraints.
  - 7. The method as recited in claim 1, wherein the act of making the digitally signed certificate and the encrypted application available to the transaction terminal comprises sending the certificate and encrypted application to a download server from which the transaction terminal can download the certificate and the encrypted application.
  - 8. The method as recited in claim 1, wherein the application comprises a STIP application written in JAVA that has been translated into a JEFF file.
  - 9. The method as recited in claim 1, wherein the application along with a request to certify the application are received in response to an electronic advertisement from the transaction terminal of available resource on the transaction terminal.
  - 20. The method as recited in claim 1, wherein the one or more transaction terminal constraints specify that only debit/credit type applications can be accepted at the transaction terminal.

10. At a transaction terminal, a method for validating a certified application for installation on the transaction terminal, the method comprising:
- an act of advertising available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
  
  an act of sending one or more transaction terminal constraints representing the advertised available resources to a management server;
  
  an act of receiving a notification that a certified application is ready to be installed, the notification indicative of the management server having compared the certified application to the one or more transaction terminal constraints to determine that the certified application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment;
  
  in response to receiving the notification, an act of downloading an encrypted version of the application at the transaction terminal, the encrypted version of the application being encrypted with a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal;
  
  an act of downloading a digitally signed certificate that corresponds to the encrypted version of the application, the digitally signed certificate certifying that the application complies with one or more transaction terminal constraints, the certificate being digitally signed using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
  
  an act of decrypting the encrypted version of the application using the terminal master private key to reveal an unencrypted version of the application;
  
  an act of verifying the digital signature of the certificate using the application management public; and
  
  an act of automatically installing the application on the transaction terminal for use within the purchasable operating environment in response to verifying the digital signature.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method as recited in claim 10, wherein the certificate specifies the one or more transaction terminal constraints.
  - 12. The method as recited in claim 11, wherein the one or more transaction terminal constraints specify the maximum amount of hardware and software resources of the transaction terminal that the application can utilize.
  - 13. The method as recited in claim 12, wherein an act of verifying the digital signature of the certificate using the application management public key to determine whether the corresponding application has been validly certified as complying with one or more transaction terminal constraints of the transaction terminal further comprises determining whether the transaction terminal has sufficient hardware and software resources available to support the maximum amount of hardware and software resources as specified in the certificate.
  - 14. The method as recited in claim 10, wherein the transaction terminal advertising available resources and at which the application is automatically installed is an ATM.
  - 15. The method as recited in claim 11, wherein the one or more transaction terminal constraints specify the security priority of the application.
  - 16. The method as recited in claim 10, further comprising an act of constraining the application to the security priority specified in the certificate.
  - 17. The method as recited in claim 10, wherein the application comprises a STIP application written in JAVA that has been translated into a JEFF file.
  - 18. The method as recited in claim 10, wherein the purchasable operating environment on the transaction terminal comprises a platform that has been designed and specifically optimized for running third-party STIP applications.

19. A computer program product of ruse at a terminal key management server, the computer program product for implementing a method for electronically certifying an application for installation at a transaction terminal, the computer program product comprising one or more computer-readable media having stored thereon computer-executable instructions that, when executed at a processor, cause the terminal key management server to perform the method including the following:
- receive one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
  
  receive an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;
  
  compare the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment if the application complies with the one or more transaction terminal constraints, issue a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;
  
  digitally sign the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
  
  encrypt the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and
  
  make the digitally signed certificate and the encrypted application available to the transaction terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shera International Limited
Original Assignee
Shera International Limited
Inventors
Kubiczek, Maciej, Crosetti, Victor, Zhu, Kaishen

Application Number

US11/939,529
Publication Number

US 20080065550A1
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

H04L 63/0442 wherein the sending and rec...

H04L 63/0823 using certificates cryptogr...

CERTIFIED DEPLOYMENT OF APPLICATIONS ON TERMINALS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CERTIFIED DEPLOYMENT OF APPLICATIONS ON TERMINALS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links