Method for acquiring and revalidating an electronic credential

US 5,642,419 A
Filed: 12/19/1995
Issued: 06/24/1997
Est. Priority Date: 04/28/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method for acquiring an electronic credential utilizing a customer trusted agent, an authority trusted agent, and a host processor, comprising the steps of:

establishing a cryptographically secure session between said customer trusted agent and said authority trusted agent, wherein said customer and authority trusted agents are tamper-proofed processing devices;

said host processor sending credential information to said authority trusted agent;

said authority trusted agent assembling said electronic credential including said credential information, a device identifier uniquely designating the trusted agent that will receive said electronic credential, a digital signature of said authority trusted agent, and a certificate of said authority trusted agent;

sending said electronic credential to said customer trusted agent, via said cryptographically secure session;

said customer trusted agent validating said electronic credential;

said customer trusted agent committing;

said authority trusted agent committing; and

when said electronic credential is sent to another device and is checked, said other device verifying that said device identifier in said electronic credential matches a device identifier of said customer trusted agent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

478 Citations

23 Claims

1. A method for acquiring an electronic credential utilizing a customer trusted agent, an authority trusted agent, and a host processor, comprising the steps of:
- establishing a cryptographically secure session between said customer trusted agent and said authority trusted agent, wherein said customer and authority trusted agents are tamper-proofed processing devices;
  
  said host processor sending credential information to said authority trusted agent;
  
  said authority trusted agent assembling said electronic credential including said credential information, a device identifier uniquely designating the trusted agent that will receive said electronic credential, a digital signature of said authority trusted agent, and a certificate of said authority trusted agent;
  
  sending said electronic credential to said customer trusted agent, via said cryptographically secure session;
  
  said customer trusted agent validating said electronic credential;
  
  said customer trusted agent committing;
  
  said authority trusted agent committing; and
  
  when said electronic credential is sent to another device and is checked, said other device verifying that said device identifier in said electronic credential matches a device identifier of said customer trusted agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22)
- - 2. The method of claim 1, wherein said electronic credential is a driver'"'"'s license.
  - 3. The method of claim 1, wherein said electronic credential is a corporate seal.
  - 4. The method of claim 1, wherein said electronic credential is a credit or debit card.
  - 5. The method of claim 1, wherein said electronic credential is a passport.
  - 6. The method of claim 1, wherein said electronic credential is a social security card.
  - 7. The method of claim 1, further including the steps of:
    - sending a payment amount to said customer trusted agent via said cryptographically secure session;
      
      establishing a second cryptographically secure session between a first money module associated with said customer trusted agent and a second money module associated with said authority trusted agent; and
      
      said first money module transferring electronic money to said second money module in an amount consistent with said payment amount.
  - 8. The method of claim 1, further including the steps of:
    - sending a payment amount to said customer trusted agent via said cryptographically secure session;
      
      said customer trusted agent sending a payment credential to said authority trusted agent via said cryptographically secure session;
      
      said authority trusted agent validating said payment credential;
      
      sending said payment amount and said payment credential to a card authorization network;
      
      said authority trusted agent receiving notification that payment is authorized; and
      
      said authority trusted agent sending a payment authorized message to said customer trusted agent.
  - 9. The method of claim 1, wherein said trusted agents record log information which after said committing step is nonprovisionally maintained by said trusted agents.
  - 10. The method of claim 9, wherein said customer trusted agent'"'"'s log information includes said credential information.
  - 22. The method of claim 1, wherein said device identifier of said customer trusted agent is part of a certificate of said customer trusted agent, and is sent to said other device.

11. A method for remotely revalidating an electronic credential utilizing a customer trusted agent and an authority trusted agent, comprising the steps of:
- (a) establishing a cryptographically secure session between said customer trusted agent and said authority trusted agent, wherein said customer and authority trusted agents are tamper-proofed processing devices;
  
  (b) said customer trusted agent sending said electronic credential to said authority trusted agent, via said cryptographically secure session, for remote revalidation, wherein said electronic credential includes a device identifier uniquely designating the trusted agent that had received said electronic credential;
  
  (c) said authority trusted agent validating said electronic credential, including verifying that said device identifier in said electronic credential matches a device identifier of said customer trusted agent;
  
  (d) said authority trusted agent assembling an updated electronic credential including updated credential information, said device identifier of said customer trusted agent, a digital signature of said authority trusted agent, and a certificate of said authority trusted agent;
  
  (e) sending said updated electronic credential to said customer trusted agent, via said cryptographically secure session;
  
  (f) said customer trusted agent validating said updated electronic credential;
  
  (g) said customer trusted agent committing; and
  
  (h) said authority trusted agent committing.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23)
- - 12. The method of claim 11, wherein said electronic credential is a driver'"'"'s license.
  - 13. The method of claim 11, wherein said electronic credential is a corporate seal.
  - 14. The method of claim 11, wherein said electronic credential is a credit or debit card.
  - 15. The method of claim 11, wherein said electronic credential is a passport.
  - 16. The method of claim 11, wherein said electronic credential is a social security card.
  - 17. The method of claim 11, further including the steps of:
    - sending a payment amount to said customer trusted agent via said cryptographically secure session;
      
      establishing a second cryptographically secure session between a first money module associated with said customer trusted agent and a second money module associated with said authority trusted agent; and
      
      said first money module transferring electronic money to said second money module in an amount consistent with said payment amount.
  - 18. The method of claim 11, further including the steps of:
    - sending a payment amount to said customer trusted agent via said cryptographically secure session;
      
      said customer trusted agent sending a payment credential to said authority trusted agent via said cryptographically secure session;
      
      said authority trusted agent validating said payment credential;
      
      sending said payment amount and said payment credential to a card authorization network;
      
      said authority trusted agent receiving notification that payment is authorized; and
      
      said authority trusted agent sending a payment authorized message to said customer trusted agent.
  - 19. The method of claim 11, wherein said trusted agent'"'"'s record log information which after said committing step is nonprovisionally maintained by said trusted agents.
  - 20. The method of claim 11, further including the steps of said authority trusted agent determining if said electronic credential should be revalidated in person.
  - 21. The method of claim 11, further including the steps of:
    - after step (a), said authority trusted agent sending an authority credential to said customer trusted agent, via said cryptographically secure session;
      
      said customer trusted agent validating said authority credential.
  - 23. The method of claim 11, wherein said device identifier of said customer trusted agent is part of a certificate of said customer trusted agent, and is sent to said authority trusted agent when establishing said session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Rosen, Sholom S.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/574,857
Time in Patent Office

553 Days
Field of Search

380/23-25, 380/30
US Class Current

705/76
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/06   Private payment circuits, e...

G06Q 20/085   involving remote charge det...

G06Q 20/0855   involving a third party

G06Q 20/10   specially adapted for elect...

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/204   comprising interface for re...

G06Q 20/209   Specified transaction journ...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401 : Transaction verification

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 50/188 : Electronic negotiation

G07F 17/16 : for devices exhibiting adve...

G07F 7/0866 : by active credit-cards adap...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/123 : received data contents, e.g...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

Method for acquiring and revalidating an electronic credential

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

478 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method for acquiring and revalidating an electronic credential

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

478 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links