SYSTEM AND METHOD FOR PARTNER KEY MANAGEMENT
Abstract
A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol, provides an improved alternative to traditional public key infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.
23 Claims
1. A method for establishing an interoperable credential for use in an online transaction between a user and an institution, the method comprising:
- receiving, by an institution computer, a request from the user for the registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user's digital signature;
- examining, by the institution computer, the user's digital signature to determine if the user's digital signature complies with a manifest of credential usage associated with the financial institution; and
- authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.
7. A method for establishing an interoperable credential for use in an online transaction between a user and a plurality of institutions, the method comprising:
- obtaining a credential from a credential provider;
- sending a first request to a first institution for registration of the credential to represent the user with regard to an online transaction with the first institution;
- sending a second request to a second institution for registration of the credential to represent the user with regard to an online transaction with the second institution; and
- receiving confirmation from the first institution and the second institution that the credential is registered, thereby establishing the credential as an interoperable credential.
10. A method for securely processing an online transaction between a user and a first financial institution, the method comprising:
- receiving, by a first financial institution partner key management module, information from a validator relating to a request for a transaction on behalf of a user, the information comprising a user-signed transaction request counter-signed by a validator, a signed revocation statement, and a partner key practice statement signed by the validator; and
- validating, by the first financial institution partner key management module, the information according to a manifest of credential usage associated with the first financial institution and, if validated, processing the requested transaction.
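
Added example, not taken from the patent or from any implementation of it: one way an institution's module could apply the checks of claim 10 in order and reject on the first failure. HMAC-SHA256 stands in for digital signatures so the code runs on the Python standard library alone; the manifest fields, bundle layout, key names and the choice to have the validator sign the revocation statement are all assumptions.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC-SHA256 stands in for digital signatures so the
# example needs only the standard library; it is not the patent's scheme.
KEYS = {"user-1": b"user-demo-key", "validator-A": b"validator-demo-key"}
# Hypothetical manifest of credential usage; all field names are assumptions.
MANIFEST = {"validators": {"validator-A"}, "credential_types": {"certificate"},
            "practice_statements": {"pkps-v1"}}

def _mac(signer, payload):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def sign(signer, payload):
    return {"signer": signer, "payload": payload, "sig": _mac(signer, payload)}

def verified(env, signer):
    # The signer must be known and must be the party we expect at this step.
    if signer not in KEYS or env.get("signer") != signer:
        return False
    return hmac.compare_digest(_mac(signer, env["payload"]), str(env.get("sig")))

def validate(bundle, manifest=MANIFEST):
    """Check the three signed items against the manifest; return (ok, reason)."""
    counter = bundle["countersigned_request"]
    validator = counter.get("signer")
    if validator not in manifest["validators"] or not verified(counter, validator):
        return False, "validator counter-signature rejected"
    user_env = counter["payload"]  # the user-signed transaction request
    if not verified(user_env, user_env.get("signer")):
        return False, "user signature rejected"
    req = user_env["payload"]
    if req["credential_type"] not in manifest["credential_types"]:
        return False, "credential type not permitted by manifest"
    rev = bundle["revocation_statement"]  # assumed here to be validator-signed
    if not verified(rev, validator) or rev["payload"]["credential_id"] != req["credential_id"]:
        return False, "revocation statement rejected"
    if rev["payload"]["revoked"]:
        return False, "credential revoked"
    pkps = bundle["practice_statement"]
    if not verified(pkps, validator) or pkps["payload"]["id"] not in manifest["practice_statements"]:
        return False, "practice statement rejected"
    return True, "process transaction"

def sample_bundle(revoked=False, credential_type="certificate"):
    # Constructed input: one request, counter-signed, with both statements.
    req = sign("user-1", {"credential_id": "cred-42", "credential_type": credential_type,
                          "action": "wire", "amount": 1000})
    return {"countersigned_request": sign("validator-A", req),
            "revocation_statement": sign("validator-A", {"credential_id": "cred-42", "revoked": revoked}),
            "practice_statement": sign("validator-A", {"id": "pkps-v1"})}
```

Because the counter-signature covers the whole user-signed request, changing any field of the request after the validator has signed it fails at the first check.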
21. A computer-readable medium comprising computer executable software code tangibly embodied thereon, the code for establishing an interoperable credential for use in an online transaction between a user and a financial institution, the code comprising:
- code for receiving, by a financial institution computer, a request from the user for the registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user's digital signature;
- code for examining, by the financial institution computer, the user's digital signature to determine if the user's digital signature complies with a manifest of credential usage associated with the financial institution; and
- code for authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the financial institution, wherein the credential is interoperable with at least one other financial institution.
22. A system for establishing an interoperable credential for use in an online transaction between a user and a financial institution, the system comprising:
- a financial institution partner key management module communicatively connected to a user module, the financial institution partner key management module comprising:
  - a memory configured to store a manifest of credential usage associated with the financial institution; and
  - a processor configured to:
    - receive a request from the user module for the registration of a credential provided by a credential provider independently selected by the user module, wherein the request is signed by a user's digital signature;
    - examine the user's digital signature to determine if the user's digital signature complies with the manifest of credential usage associated with the financial institution; and
    - authorize the credential to represent the user with regard to an online transaction with the financial institution, wherein the credential is interoperable with at least one other financial institution.
23. A method for establishing an interoperable credential of a first type selected from a group consisting of: a certificate, a one-time password, an IP address, or a machine fingerprint, for use in an online transaction between a user and an institution, the method comprising:
- receiving, by an institution computer, a request from the user for registration of a credential provided by a credential provider independently selected by the user, wherein the request is signed by a user's digital signature using a credential of second type selected from a group consisting of: a certificate, a one-time password, an IP address, a machine fingerprint, wherein the first type and the second type are not the same;
- examining, by the institution computer, the user's digital signature to determine if the user's digital signature complies with a manifest of credential usage associated with the financial institution; and
- authorizing, by the financial institution, the credential to represent the user with regard to an online transaction with the institution, wherein the credential is interoperable with at least one other institution.
Specification