SYSTEM AND METHOD FOR PARTNER KEY MANAGEMENT

US 20100332399A1
Filed: 06/29/2010
Published: 12/30/2010
Est. Priority Date: 06/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for establishing an interoperable credential for use in an online transaction between a user and an institution, the method comprising:

receiving, by an institution computer, a request from the user for the registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user'"'"'s digital signature;

examining, by the institution computer, the user'"'"'s digital signature to determine if the user'"'"'s digital signature complies with a manifest of credential usage associated with the financial institution; and

authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key, infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

Citations

23 Claims

1. A method for establishing an interoperable credential for use in an online transaction between a user and an institution, the method comprising:
- receiving, by an institution computer, a request from the user for the registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user'"'"'s digital signature;
  
  examining, by the institution computer, the user'"'"'s digital signature to determine if the user'"'"'s digital signature complies with a manifest of credential usage associated with the financial institution; and
  
  authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising the steps of:
    - receiving, by the institution computer, an approval of the interoperable credential from an approver representing the user'"'"'s organization; and
      
      determining, by the institution computer, whether the approver is on a list of approvers.
  - 3. The method of claim 2, wherein an approval is received from multiple approvers.
  - 4. The method of claim 2, wherein an approval is received from multiple approvers with different roles.
  - 5. The method of claim 1 further comprising:
    - receiving, by the institution computer, a requested online transaction from the user, the requested transaction comprising the interoperable credential and the user'"'"'s digital signature, andauthorizing, by the institution computer, the requested online transaction if the user'"'"'s digital signature complies with the manifest of credential usage.
  - 6. The method of claim 1, wherein the institution is a financial institution.

7. A method for establishing an interoperable credential for use in an online transaction between a user and a plurality of institutions, the method comprising:
- obtaining a credential from a credential provider;
  
  sending a first request to a first institution for registration of the credential to represent the user with regard to an online transaction with the first institution;
  
  sending a second request to a second institution for registration of the credential to represent the user with regard to an online transaction with the second institution; and
  
  receiving confirmation from the first institution and the second institution that the credential is registered, thereby establishing the credential as an interoperable credential.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7 further comprising a step of engaging in a first online transaction with the first financial institution using the interoperable credential.
  - 9. The method of claim 8 further comprising a step of engaging in a second online transaction with the second financial institution using the interoperable credential.

10. A method for securely processing an online transaction between a user and a first financial institution, the method comprising:
- receiving, by a first financial institution partner key management module, information from a validator relating to a request for a transaction on behalf of a user, the information comprising a user-signed transaction request counter-signed by a validator, a signed revocation statement, and a partner key practice statement signed by the validator; and
  
  validating, by the first financial institution partner key management module, the information according to a manifest of credential usage associated with the first financial institution and, if validated, processing the requested transaction.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein the manifest of credential usage associated with the first institution comprises a machine-readable statement including the financial institution'"'"'s policy for accepting a digital signature.
  - 12. The method of claim 10, wherein the user-signed transaction request is signed by a user credential.
  - 13. The method of claim 12, wherein the user credential is registered with the financial institution.
  - 14. The method of claim 10, wherein the user credential is interoperable.
  - 15. The method of claim 14, wherein the interoperable credential is used to secure a transaction with a second financial institution according to the second financial institution'"'"'s manifest of credential usage.
  - 16. The method of claim 15, wherein the first financial institution'"'"'s manifest of credential usage is different than the second financial institution'"'"'s manifest of credential usage.
  - 17. The method of claim 10, wherein the validator is the user or a corporation associated with the user.
  - 18. The method of claim 10, wherein the validator is a third party trusted by both the user and the first financial institution.
  - 19. The method of claim 10, wherein the validator is the first financial institution.
  - 20. The method of claim 10, wherein a plurality of other financial institutions respectively accept a manifest of credential usage that is the same as the first financial institution'"'"'s manifest of credential usage.

21. A computer-readable medium comprising computer executable software code tangibly embodied thereon, the code for establishing an interoperable credential for use in an online transaction between a user and a financial institution, the code comprising:
- code for receiving, by a financial institution computer, a request from the user for the registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user'"'"'s digital signature;
  
  code for examining, by the financial institution computer, the user'"'"'s digital signature to determine if the user'"'"'s digital signature complies with a manifest of credential usage associated with the financial institution; and
  
  code for authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the financial institution, wherein the credential is interoperable with at least one other financial institution.

22. A system for establishing an interoperable credential for use in an online transaction between a user and a financial institution, the system comprising:
- a financial institution partner key management module communicatively connected to a user module, the financial institution partner key management module comprising;
  
  a memory configured to store a manifest of credential usage associated with the financial institution; and
  
  a processor configured to;
  
  receive a request from the user module for the registration of a credential provided by a credential provider independently selected by the user module, wherein the request is signed by a user'"'"'s digital signature;
  
  examine the user'"'"'s digital signature to determine if the user'"'"'s digital signature complies with the manifest of credential usage associated with the financial institution; and
  
  authorize the credential to represent the user with regard to an online transaction with the financial institution, wherein the credential is interoperable with at least one other financial institution.

23. A method for establishing an interoperable credential of a first type selected from a group consisting of:
- a certificate, a one-time password, an IP address, or a machine fingerprint, for use in an online transaction between a user and an institution, the method comprising;
  
  receiving, by an institution computer, a request from the user for registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user'"'"'s digital signature using a credential of second type selected from a group consisting of;
  
  a certificate, a one-time password, an IP address, a machine fingerprint, wherein the first type and the second type are not the same;
  
  examining, by the institution computer, the user'"'"'s digital signature to determine if the user'"'"'s digital signature complies with a manifest of credential usage associated with the financial institution; and
  
  authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Croston, Sean, Benson, Glenn

Granted Patent

US 9,608,826 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 2220/00   Business processing using c...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

SYSTEM AND METHOD FOR PARTNER KEY MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PARTNER KEY MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links