Method for establishing secure communications among processing devices

US 5,703,949 A
Filed: 10/23/1996
Issued: 12/30/1997
Est. Priority Date: 04/28/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method for enabling secure communications among processing devices, comprising the steps of:

establishing a first cryptographically secure session between a first processing device and a second processing device, where said first processing device is remotely located from said second processing device;

establishing a second cryptographically secure session between a third processing device and a fourth processing device, where said third processing device is remotely located from said fourth processing device, where said first processing device communicates with said third processing device over a first communications link, and where said second processing device communicates with said fourth processing device over a second communications link;

in said first processing device;

sending session key information stored in said second processing device to said third processing device via said second communications link and said second cryptographically secure session;

generating said session key in said third processing device at least in part from said session key information;

storing said session key in said third processing device; and

establishing a third cryptographically secure session between said first processing device and said third processing device using said session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise. A first processing device generates an encryption key. A third processing device receives information from a second processing device by way of a fourth processing device, which information allows the third processing device to generate the encryption key. Thus, the first and third processing devices can securely communicate using the generated encryption key.

209 Citations

11 Claims

1. A method for enabling secure communications among processing devices, comprising the steps of:
- establishing a first cryptographically secure session between a first processing device and a second processing device, where said first processing device is remotely located from said second processing device;
  
  establishing a second cryptographically secure session between a third processing device and a fourth processing device, where said third processing device is remotely located from said fourth processing device, where said first processing device communicates with said third processing device over a first communications link, and where said second processing device communicates with said fourth processing device over a second communications link;
  
  in said first processing device;
  
  sending session key information stored in said second processing device to said third processing device via said second communications link and said second cryptographically secure session;
  
  generating said session key in said third processing device at least in part from said session key information;
  
  storing said session key in said third processing device; and
  
  establishing a third cryptographically secure session between said first processing device and said third processing device using said session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said:
    - session key information comprises a second random number and where said step of generating a session key includes the substeps of;
      
      said first processing device generating a first random number;
      
      said second processing device generating said second random number and sending said second random number to said first processing device via said first cryptographically secure session; and
      
      said first processing device forming said session key by exclusive ORing said first and second random numbers.
  - 3. The method of claim 2 further comprising the steps of:
    - said first processing device sending said first random number to said third processing device via said first communications link; and
      
      establishing the presence of said session key in said third processing device by exclusive-ORing said first random number and said second random number.
  - 4. The method of claim 3 further comprising the steps of:
    - said first processing device sending said first random number to said second processing device via said first cryptographically secure session;
      
      said second processing device forming said session key by exclusive ORing said first random number and said second random number;
      
      said second processing device storing said session key;
      
      said second processing device sending said second random number to said fourth processing device via said second communications link;
      
      said first processing device sending said first random number to said fourth processing device via said first communications link and said second cryptographically secure session;
      
      said fourth processing device forming a session key by exclusive ORing said first and second random numbers;
      
      storing said session key in said fourth processing device; and
      
      establishing a fourth cryptographically secure session between said second and fourth processing devices using said session key.
  - 5. The method of claim 1, wherein information passing through said second cryptographically secure session is further encrypted by said first cryptographically secure session.
  - 6. The method of claim 1, wherein said processing devices are tamper-proof.
  - 7. The method of claim 6, wherein said first and second processing devices are trusted agents and said third and fourth processing devices are money modules.

8. A method for enabling secure communications among processing devices, comprising the steps of:
- establishing a first cryptographically secure session between a first processing device and a second processing device, where said first processing device is remotely located from said second processing device;
  
  establishing a second cryptographically secure session between a third processing device and a fourth processing device, where said third processing device is remotely located from said fourth processing device, where said first processing device communicates with said third processing device over a first communications link, and where said second processing device communicates with said fourth processing device over a second communications link;
  
  said first processing device generating a first random number;
  
  sending said first random number to said second processing device via said first cryptographically secure session and to said fourth processing device via said second communications link, whereby said first, second, and fourth processing devices store said first random number;
  
  said second processing device generating a second random number;
  
  sending said second random number to said first processing device via said first cryptographically secure session and to said third processing device via said first communications link, whereby said second, first, and third processing devices store said second random number;
  
  said fourth processing device sending said first random number to said third processing device via said second cryptographically secure session;
  
  said third processing device sending said second random number to said fourth processing device via said second cryptographically secure session;
  
  said first processing device forming a random session key from said first and second random numbers;
  
  said second processing device forming said random session key from said first and second random numbers;
  
  said third processing device forming said random session key from said first and second random numbers;
  
  said fourth processing device forming said random session key from said first and second random numbers; and
  
  where said first and third processing devices cryptographically communicate with said session key, and where said second and fourth processing devices cryptographically communicate with said session key.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein information passing through said second cryptographically secure session is further encrypted by said first cryptographically secure session.
  - 10. The method of claim 8, wherein said processing devices are tamper-proof.
  - 11. The method of claim 10, wherein said first and second processing devices are trusted agents and said third and fourth processing devices are money modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Rosen, Sholom S.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
SAYADIAN, HRAYR

Application Number

US08/730,158
Time in Patent Office

433 Days
Field of Search

380/21, 380/23, 380/24, 380/25, 380/46, 380/49
US Class Current

705/65
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/06   Private payment circuits, e...

G06Q 20/085   involving remote charge det...

G06Q 20/0855   involving a third party

G06Q 20/10   specially adapted for elect...

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/204   comprising interface for re...

G06Q 20/209   Specified transaction journ...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401 : Transaction verification

G06Q 30/06 : Buying, selling or leasing ...

G06Q 30/0601 : Electronic shopping [e-shop...

G06Q 50/188 : Electronic negotiation

G07F 17/16 : for devices exhibiting adve...

G07F 7/0866 : by active credit-cards adap...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/123 : received data contents, e.g...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

Method for establishing secure communications among processing devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

209 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for establishing secure communications among processing devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links