Method and System for a Virtual Safe

US 20090210347A1
Filed: 11/05/2008
Published: 08/20/2009
Est. Priority Date: 04/14/2000
Status: Abandoned Application

First Claim

Patent Images

1. A multi-tiered, identity and consent management system, driven by policy and legally bound strong authentication that enables powerful security and privacy when processing electronic data and transactions, comprising:

authentication authority means for strongly registering users, performing identification authenticity, authentication, authorization and enabling Single Sign On of all user(s) and parties involved in transaction;

means for authenticating all parties involved in a transaction including the user(s), the application, the network access, the transaction and the communication layers, providing a legally binding mechanism between a secure processing environment and strong user(s) authentication;

means for strongly authenticating other user(s) required to initiate a transaction;

means for carrying out a user'"'"'s online accountable transaction without having to provide vendors with sensitive personal information, said means acting as a trusted third party;

means for mediating user present and user non-present, anonymous, accountable transactions between parties;

application/repository means, set-up by a dynamic policy, regulated by a transaction risk management module for performing intermediate vetting, a back-end authentication module, and a transaction fulfillment mechanism for determining the type of delivery to be made and effecting the transaction, said policy regulating the process of all transactional data;

means for providing user-only control over their personal information in a multi-jurisdictional interoperable node architecture that supports global corporate applications, in compliance with regulations for privacy, data protection and security;

means for communicating with different standard-by-standard interfaces where application dependent data received by said system can be processed to change formatting of Public Key Infrastructure (PKI) data or other application data and be forwarded to user(s) or said application/repository, integrating seamlessly with new security and privacy standards and empowering exchange of customer private information, according to a consensual agreement;

means for communicating between different environments via industry standard interfaces and modular design, allowing implementation interchange with different applications, implemented as a new security layer in round of existing applications, links between data sources being protected using user(s) unique encryption as defined by a data bundling policy;

means for preparing and storing a fulfillment record in an anonymous format, securely linking transactional data with user name; and

means for processing and fragmenting data via a cryptographic algorithm which dislocates symmetrically/asymmetrically, fragments of cryptographic material and fattening material to different locations, known only to user(s) triangulation of granulated and dislocated data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transaction server for performing a transaction over a network using a virtual smart card the server comprising, a virtual smart card database having a plurality of records each record including a virtual card identification and a value corresponding to a single virtual smart card; a security module; an emulator for emulating a smart card, the emulator for receiving smart card commands and processing the commands in conjunction with the virtual smart card database and the security module; and a virtual card reader module for receiving the smart card commands and relaying the commands to the smart card emulator whereby transactions are performed over the network using one or more the records and the virtual smart card database.

Citations

20 Claims

1. A multi-tiered, identity and consent management system, driven by policy and legally bound strong authentication that enables powerful security and privacy when processing electronic data and transactions, comprising:
- authentication authority means for strongly registering users, performing identification authenticity, authentication, authorization and enabling Single Sign On of all user(s) and parties involved in transaction;
  
  means for authenticating all parties involved in a transaction including the user(s), the application, the network access, the transaction and the communication layers, providing a legally binding mechanism between a secure processing environment and strong user(s) authentication;
  
  means for strongly authenticating other user(s) required to initiate a transaction;
  
  means for carrying out a user'"'"'s online accountable transaction without having to provide vendors with sensitive personal information, said means acting as a trusted third party;
  
  means for mediating user present and user non-present, anonymous, accountable transactions between parties;
  
  application/repository means, set-up by a dynamic policy, regulated by a transaction risk management module for performing intermediate vetting, a back-end authentication module, and a transaction fulfillment mechanism for determining the type of delivery to be made and effecting the transaction, said policy regulating the process of all transactional data;
  
  means for providing user-only control over their personal information in a multi-jurisdictional interoperable node architecture that supports global corporate applications, in compliance with regulations for privacy, data protection and security;
  
  means for communicating with different standard-by-standard interfaces where application dependent data received by said system can be processed to change formatting of Public Key Infrastructure (PKI) data or other application data and be forwarded to user(s) or said application/repository, integrating seamlessly with new security and privacy standards and empowering exchange of customer private information, according to a consensual agreement;
  
  means for communicating between different environments via industry standard interfaces and modular design, allowing implementation interchange with different applications, implemented as a new security layer in round of existing applications, links between data sources being protected using user(s) unique encryption as defined by a data bundling policy;
  
  means for preparing and storing a fulfillment record in an anonymous format, securely linking transactional data with user name; and
  
  means for processing and fragmenting data via a cryptographic algorithm which dislocates symmetrically/asymmetrically, fragments of cryptographic material and fattening material to different locations, known only to user(s) triangulation of granulated and dislocated data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system of claim 1 wherein said network is selected from the group consisting of:
    - conventional,Internet,Intranet,wired, andwireless networks
  - 3. The system of claim 1, wherein said system is applied to a sector selected from the group consisting of:
    - private,business,financial,insurance,institutional,entertainment,healthcare, andgovernment.
  - 4. The system of claim 1 wherein said means for strongly authenticating other user(s) comprises means for strongly authenticating other user(s) via user collective/assembly authentication.
  - 5. The system of claim 1 wherein said means for strongly authenticating other user(s) comprises means for strongly authenticating other user(s) via strong resource reference validation.
  - 6. The system of claim 5 wherein said means for strongly authenticating other user(s) via strong resource reference validation comprises means to performing server, computer, device and application log-off authentication by user(s).
  - 7. The system of claim 1 wherein said means for allowing a user to carry out an online accountable transaction comprises means for allowing a user to carry out a personalized, anonymous or pseudonymous online accountable transaction.
  - 8. The system of claim 1 wherein said means for mediating user present and user non-present, anonymous, accountable transactions comprises means for mediating accountable transactions between users and patties selected from the group consisting of:
    - customers,government, andbusinesses including merchants, payment processors, shippers, and other potential e-commerce partners.
  - 9. The system of claim 1 wherein said means for mediating user present and user non-present, anonymous, accountable transactions comprises means for mediating micro payment transactions between all parties, including administrative and legal transaction settlements according to agreements between the parties.
  - 10. The system of claim 1 wherein said means for providing user-only control over personal information comprises means for providing user-only control over personal information in compliance with regulations selected from the group consisting of:
    - USA HIPAA,Gramm-Leach-Bliley Act,Sarbanes-Oxley Act,Canadian PIPEDA/Bill C-6,European Union (EU) Directives, andJapanese and Australian privacy, data protection and security legislation.
  - 11. The system of claim 1 wherein said system comprises means for supporting industry wide integration of its modules to comprehensive requirements of global business, seamlessly complying with ongoing European Union (EU) Directives, privacy issues and international agreements including “
    - Safe Harbour”
      
      .
  - 12. The system of claim 1 wherein said application/repository is selected from the group consisting of:
    - a central repository,a distributed repository,an internal repository, andan external repository.
  - 13. The system of claim 1 wherein said means for preparing and storing a fulfillment record comprises means for preparing and storing a fulfillment record in anonymous format, securely linking transactional data with the user name, which will only release true secure process user(s) uniquely granulated escrow or backup keys and decrypt data, it a match is made with respect to one selected from the group consisting of, a granted user'"'"'s authorization, a Power of Attorney'"'"'s authorization, or consent.
  - 14. The system of claim 1 wherein said means for preparing and storing a fulfillment record comprises means for preparing and storing a fulfillment record which can be matched using a token selected from the group consisting of:
    - a smart card,a virtual smart card,a cellular device,an RF device,a combination of active or passive devices,an REID device,a Proximity device, anda tag application, device or application based ID.
  - 15. The system of claim 1 wherein said fulfillment record comprises physical access control data.
  - 16. The system of claim 1 wherein said fulfillment record comprises a unique single or assembly/collective data encryption algorithm(s).
  - 17. The system of claim 1 wherein said fulfillment record comprises unique user private and public keys stored in encrypted format that are accessible only by user presence in a session.
  - 18. The system of claim 1 wherein said fulfillment record comprises unique private and public user keys stored in encrypted format that are accessible only by a user Power of Attorney module.
  - 19. The system of claim 1 wherein said fulfillment record comprises unique private and public user keys stored in encrypted format that are accessible only by a user proxy authorization.

20. A method for providing a multi-tiered, identity and consent management system, driven by policy and legally bound strong authentication that enables powerful security and privacy when processing electronic data and transactions, comprising the steps of:
- strongly registering users, performing identification authenticity, authentication, authorization and enabling Single Sign On of all user(s) and parties involved in transaction;
  
  authenticating all parties involved in a transaction including the user(s), the application, the network access, the transaction and the communication layers, providing a legally binding mechanism between a secure processing environment and strong user(s) authentication;
  
  strongly authenticating other user(s) required to initiate a transaction;
  
  carrying out a user'"'"'s online accountable transaction without having to provide vendors with sensitive personal information, said means acting as a trusted third party;
  
  mediating user present and user non-present, anonymous, accountable transactions between parties;
  
  providing users-only control over their personal information in a multi-jurisdictional interoperable node architecture that supports global corporate applications, in compliance with regulations for privacy, data protection and security;
  
  communicating with different standard-by-standard interfaces where application dependent data received by said system can be processed to change formatting of Public Key Infrastructure (PKI) data or other application data and be forwarded to user(s) or said application/repository, integrating seamlessly with new security and privacy standards and empowering exchange of customer private information, according to a consensual agreement;
  
  communicating between different environments via industry standard interfaces and modular design, allowing implementation interchange with different applications, implemented as a new security layer in round of existing applications, links between data sources being protected using user(s) unique encryption as defined by a data bundling policy;
  
  preparing and storing a fulfillment record in an anonymous format, securely linking transactional data with user name, in an application/repository, set-up by a dynamic policy, regulated by a transaction risk management module for performing intermediate vetting, a back-end authentication module, and a transaction fulfillment mechanism for determining the type of delivery to be made and effecting the transaction, said policy regulating the process of all transactional data; and
  
  processing and fragmenting data via a cryptographic algorithm which dislocates symmetrically/asymmetrically, fragments of cryptographic material and fattening material to different locations, known only to user(s) triangulation of granulated and dislocated data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Branko Sarcanin
Original Assignee
Branko Sarcanin
Inventors
Sarcanin, Branko

Application Number

US12/265,445
Publication Number

US 20090210347A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/102   Bill distribution or payments

G06Q 20/105   involving programming of a ...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 40/00   Finance; Insurance; Tax str...

G07F 7/0826   Embedded security module

G07F 7/10   together with a coded signa...

Method and System for a Virtual Safe

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for a Virtual Safe

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links