SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS

US 20090132808A1
Filed: 11/19/2008
Published: 05/21/2009
Est. Priority Date: 11/19/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling electronic transactions between a server computer and a client computer, the method comprising the steps of:

running a first communication protocol with encrypted data transmission and mutual authentication with the server computer,performing a decryption of encrypted server responses received from the server computer,forwarding the decrypted server responses to the client computer,receiving client requests to be sent to the server computer from the client computer,parsing the client requests for predefined transaction information,encrypting and forwarding client requests that do not contain any predefined transaction information to the server computer,displaying the predefined transaction information upon detection in a client request on a hardware device display of a hardware device,forwarding and encrypting the client request containing the predefined transaction information to the server computer if a user confirmation is received,canceling the electronic transaction if no user confirmation is received.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.

118 Citations

View as Search Results

26 Claims

1. A method of controlling electronic transactions between a server computer and a client computer, the method comprising the steps of:
- running a first communication protocol with encrypted data transmission and mutual authentication with the server computer,performing a decryption of encrypted server responses received from the server computer,forwarding the decrypted server responses to the client computer,receiving client requests to be sent to the server computer from the client computer,parsing the client requests for predefined transaction information,encrypting and forwarding client requests that do not contain any predefined transaction information to the server computer,displaying the predefined transaction information upon detection in a client request on a hardware device display of a hardware device,forwarding and encrypting the client request containing the predefined transaction information to the server computer if a user confirmation is received,canceling the electronic transaction if no user confirmation is received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, further comprising the steps of:
    - displaying the decrypted server responses on a client computer display of the client computer.
  - 3. A method according to claim 1, further comprising the steps of:
    - running in a normal mode of operation a second communication protocol between a browser application of the client computer and the server computer via a proxy application of the client computer,running in a secure mode of operation the first communication protocol between the server computer and the hardware device,routing in the secure mode of operation client requests from the browser application via the proxy application to the hardware device and from the hardware device via the proxy application to the server computer,routing in the secure mode of operation server responses from the server computer via the proxy application to the hardware device and from the hardware device via the proxy application to the browser application.
  - 4. A method according to claim 3, further comprising the steps of:
    - parsing client requests for a predefined set of client requests by the proxy application,initiating the secure mode of operation by the proxy application upon detection of a predefined client request.
  - 5. A method according to claim 1, further comprising, before forwarding the decrypted server responses from the hardware device to the client computer, the steps of:
    - parsing the server responses for predefined transaction information by the hardware device,forwarding server responses that do not contain any predefined transaction information to the client computer by the hardware device,displaying the predefined transaction information upon detection in a server response on the hardware device display of the hardware device,forwarding the server response containing the predefined transaction information to the client computer if a user confirmation is received,canceling the predefined transaction if no user confirmation is received.
  - 6. A method according to claim 1, wherein the first communication protocol comprises:
    - a network layer comprising a protocol according to the Secure Sockets Layer (SSL)-standard or according to the Transport Layer Security (TLS)-standard and a protocol according to the Transmission Control Protocol/Internet Protocol (TCP/IP)-standard.
  - 7. A method according to claim 1, wherein the first communication protocol comprises:
    - an application layer comprising the Hyper Text Transfer Protocol (HTTP).
  - 8. A method according to claim 3, wherein the second communication protocol comprises:
    - a network layer comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) and an application layer comprising the Hyper Text Transfer Protocol (HTTP).
  - 9. A method according to claim 1, further comprising the step of:
    - performing a user authentication by the server computer.
  - 10. A method according to claim 1, further comprising the step of:
    - performing a user authentication by the hardware device.

11. A hardware device for controlling electronic transactions, the hardware device comprising a hardware device display and a hardware device interface unit, wherein the hardware device interface unit is provided for coupling the hardware device to a client computer wherein the hardware device is configured to:
- run a first communication protocol with encrypted data transmission and mutual authentication with a server computer,perform a decryption of encrypted server responses received from the server computer,forward the decrypted server responses to the client computer,receive client requests to be sent from the client computer to the server computer,parse the client requests for predefined transaction information,encrypt and forward client requests that do not contain any predefined transaction information to the server computer,display the predefined transaction information upon detection in a client request on the hardware device display,forward and encrypt client requests containing the predefined transaction information to the server computer if a user confirmation is received,cancel the predefined transaction if no user confirmation is received.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The hardware device according to claim 11, wherein the hardware device comprises:
    - a security token for storing security sensitive data.
  - 13. The hardware device according to claim 11, wherein the hardware device comprises:
    - a smart card reader for reading security sensitive data from a smart card.
  - 14. The hardware device according to claim 11, wherein the hardware device has a predefined level of tamper-resistance.
  - 15. The hardware device according to claim 14, wherein the predefined level of tamper-resistance of the hardware device is higher than the level of tamper-resistance of the client computer.
  - 16. The hardware device according to claim 11, wherein the hardware device is designed in such a way that no software applications can be loaded onto the hardware device.
  - 17. The hardware device according to claim 12, wherein the security sensitive data comprises a private key and trust root information.
  - 18. The hardware device according to claim 13, wherein the security sensitive data comprises a private key and trust root information.
  - 19. The hardware device according to claim 11, wherein the hardware device comprises:
    - a hardware device input unit for confirming and/or canceling a transaction.

20. A computer readable article of manufacture tangibly embodying computer readable instructions to carry out a method comprising the steps of:
- forwarding in a normal mode of operation client requests received from a browser application of the client computer to a server computer of a communication network,forwarding in the normal mode of operation server responses received from the server computer to the browser application of the client computer,forwarding in a secure mode of operation client requests from the browser application to a hardware device and from the hardware device to the server computer,forwarding in the secure mode of operation server responses received from the server computer to the hardware device and from the hardware device to the browser application.
- View Dependent Claims (21)
- - 21. A computer readable article of manufacture according to claim 20, wherein the method further comprises the steps of:
    - parsing client requests for a predefined set of client requests,initiating the secure mode upon detection of a predefined client request.

22. A method of controlling electronic transactions between a server computer and a client computer, the method comprising the steps of:
- running a first communication protocol with encrypted data transmission and mutual authentication with the server computer,performing a decryption of encrypted server responses received from the server computer,parsing the server responses for predefined transaction information,forwarding server responses that do not contain any predefined transaction information to the client computer,displaying the predefined transaction information upon detection in a server response on a hardware device display of a hardware device,forwarding the server response containing the predefined transaction information to the client computer if a user confirmation is received,canceling the predefined transaction if no user confirmation is received.

23. A hardware device for controlling electronic transactions, comprising a hardware device display and a hardware device interface unit, wherein the hardware device interface unit is provided for coupling the hardware device to a client computer wherein the hardware device is configured to:
- run a first communication protocol with encrypted data transmission and mutual authentication with a server computer,perform a decryption of encrypted server responses received from the server computer,parse the server responses for predefined transaction information,forward server responses that do not contain any predefined transaction information to the client computer,display the predefined transaction information upon detection in a server response on the hardware device display,forward server responses containing the predefined transaction information to the client computer if a user confirmation is received,cancel the predefined transaction if no user confirmation is received.

24. A client computer being connectable via a first interface to a communication network and via a second interface to a hardware device, the client computer comprising:
- a browser application for browsing the communication network and a proxy application;
  
  the proxy application being adapted to;
  
  forward in a normal mode of operation client requests received from the browser application of the client computer to a server computer of the communication network,forward in the normal mode of operation server responses received from the server computer to the browser application of the client computer,forward in a secure mode of operation client requests from the browser application to the hardware device and from the hardware device to the server computer,forward in the secure mode of operation server responses received from the server computer to the hardware device and from the hardware device to the browser application, wherein the client computer is adapted to perform in the secure mode of operation electronic transactions with the server computer via the hardware device and via the communication network.
- View Dependent Claims (25, 26)
- - 25. The client computer according to claim 24, wherein the proxy application is adapted toparse client requests for a predefined set of client requests,initiate the secure mode of operation upon detection of a predefined client request.
  - 26. The client computer according to claim 24, wherein the secure mode is initiated by sending a secure mode enable-signal from the proxy application to the hardware device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Buhler, Peter, Eirich, Thomas, Visegrady, Tamas, Kramp, Thorsten, Weigold, Thomas, Baentsch, Michael, Hermann, Reto Josef

Application Number

US12/274,100
Publication Number

US 20090132808A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06Q 20/08   Payment architectures

G06Q 20/42   Confirmation, e.g. check or...

H04L 2463/102   applying security measure f...

H04L 63/0471   applying encryption by an i...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 67/01   Protocols

SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

118 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others