Secure world wide electronic commerce over an open network
DCFirst Claim
Patent Images
1. A world-wide system/network for the conduct of electronic commercial and non-commercial business transactions based on a global network public key security infrastructure, comprising:
- a plurality of user terminals connected to the network, at least some of said user terminals equipped with the ability to read and/or write smart tokens containing one or more encryption keys;
a plurality of application/information servers connected to the network and configured to link to the security infrastructure; and
one or more security servers connected to the network, each for certifying the public keys of users registered to engage in electronic business transactions or the public keys of other security servers,wherein encryption keys fetched from said security servers are capable of being authenticated by one or more of said user terminals and used to ensure the origin and authenticity of electronic commercial transactions conducted using said user terminals and said application/information servers.
8 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A network of users and servers of a type found in the Internet system is extended to permit secure electronic commercial transactions to be accomplished. The network is extended to include a public key infrastructure and electronic transactions can be securely performed utilizing smart token technology. Conduct of a variety of common electronic business transactions over such an extended network is provided.
-
Citations
38 Claims
-
1. A world-wide system/network for the conduct of electronic commercial and non-commercial business transactions based on a global network public key security infrastructure, comprising:
-
a plurality of user terminals connected to the network, at least some of said user terminals equipped with the ability to read and/or write smart tokens containing one or more encryption keys; a plurality of application/information servers connected to the network and configured to link to the security infrastructure; and one or more security servers connected to the network, each for certifying the public keys of users registered to engage in electronic business transactions or the public keys of other security servers, wherein encryption keys fetched from said security servers are capable of being authenticated by one or more of said user terminals and used to ensure the origin and authenticity of electronic commercial transactions conducted using said user terminals and said application/information servers. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of conducting electronic commerce over an unsecured network, comprising:
-
registering users in a public key infrastructure system by providing encrypting information to the users that is stored in smart tokens of the users, and certifying one or more public keys for each user, the public keys being used to decrypt information that has been encrypted by the corresponding smart token of said each user; and authenticating electronic transactions using certified public keys that are used to decrypt information that has been encrypted by the smart tokens, wherein a binding between a public key and its owner can be authenticated; whereby authentic and authorized business transactions can occur in said unsecured network. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method of conducting electronic commerce over an unsecured network, comprising:
-
authenticating, as to origin, information placed on at least one application/information server of said network; accessing said information in an authentic and authorized way by outputting information encrypted by a smart token that has a private key used for encryption stored therein; ordering products or services after accessing said information by sending or exchanging electronic messages that have been encrypted with said private key; and authenticating said electronic messages as to origin, recipient, or trusted third party, wherein the step of authenticating said electronic messages as to origin includes validating a public key of a public key/private key pair of a user originating at least one of said electronic messages using digital signatures of one or more certification authorities and using the public key for validation of the at least one of said electronic messages. - View Dependent Claims (20, 21, 22, 23, 24)
-
-
25. A world wide system for secure, reliable and authorized electronic transactions and applications performed over computer and data transmission networks, comprising:
-
a plurality of network servers and associated data bases including application/information servers, indexing and searching servers, addressing servers, security servers, or Trusted Third Parties servers; a plurality of types of multifunctional and multipurpose client stations, with user interaction tools, functions and interfaces for different types of electronic transactions; and a plurality of electronic business transactions protocols to access servers, to fetch information, data and services and to perform a plurality of electronic business transactions. - View Dependent Claims (26, 27, 28, 29, 30)
-
-
31. A method for encoding a smart token for use in electronic commerce over an unsecured network, comprising:
-
sending over the unsecured network, by a user at a user terminal to a certification server, an application for encoding the smart token; determining, by the certification server, whether the user is authorized to encode the smart token; sending, from the certification server to the user terminal, information as to whether the user has been authorized or disapproved from encoding the smart token; if the user has been authorized to obtain the smart token, sending information for encoding the smart token from the certification server to the user terminal over the unsecured network, wherein the user is capable of conducting electronic commerce transactions over the unsecured network using the encoded smart token, and wherein an application/information server connected on the unsecured network is capable of determining whether the user is authorized to edit any programs stored within the application/information server by comparing information encoded with a private key from the smart token of the user with information stored at the application/information server that corresponds to public keys of all authorized entities that are allowed to edit the programs stored within the application/information server. - View Dependent Claims (32, 33, 34)
-
-
35. A system for conducting electronic commerce transactions over an unsecured network, comprising:
-
at least one user terminal connected to the unsecured network, the at least one user terminal configured to read and write smart tokens containing at least one encryption key stored therein; at least one application/information server connected to the unsecured network and configured to link to a security infrastructure within the unsecured network; and at least one security server connected to the unsecured network and configured to certify public key of users registered to engage in the electronic commerce transactions over the unsecured network, wherein the at least one application/information server sends a request for authentication to the at least one security server for verification of a particular public key received from the at least one user terminal when the at least one user terminal desires to conduct a particular electronic commerce transaction over the unsecured network with the at least one application/information server, wherein the at least one security server determines whether the at least one user terminal has been previously registered and certified to conduct the electronic commerce transactions and has a valid smart token, and wherein the at least one application/information server receives information from the at least one security server concerning whether the user is authorized and allows the particular electronic commerce transaction to take place if the user is authorized. - View Dependent Claims (36)
-
-
37. A method of conducting electronic commerce over an unsecured network, comprising:
-
registering a user in a public key infrastructure system by obtaining a registration request from the user over the unsecured network and determining that the user is authorized to conduct electronic commerce over the unsecured network; sending information for encoding a smart token to the user over the unsecured network, the encoded smart token to be used by the user to conduct the electronic commerce over the unsecured network; requesting a particular electronic commerce transaction between the user and an application/information server, the request being made over the unsecured network; determining, by the application/information server, whether the user is authorized to conduct the particular electronic commerce transaction by requesting authorization of the user from a security server; and if the user has been determined to be authorized, then utilizing, by the application/information server, a certified public key of the user to conduct the particular electronic commerce transaction between the user and the application/information server, wherein the user utilizes a private key obtained from the smart token to conduct the particular electronic commerce transaction between the user and the application/information server.
-
-
38. A method of conducting electronic commerce over an unsecured network, comprising:
-
authenticating, as to origin, information received by at least one application/information server over the unsecured network, the authenticating being performed by determining whether the information received over the unsecured network is capable of being decoded using an authorized public key of the least one application/information server; if the authenticating step determines that the origin is not an authorized origin, denying access to the at least one application/information server by a user that sent the information; if the authenticating step determines that the origin is an authorized origin, allowing access to the at least one application/information server to conduct an electronic commerce transaction between the origin and the at least one application/information server; and authenticating electronic messages sent between the origin and the least one application/information server throughout the conducting of the electronic commerce transaction as to source, destination, or trusted third party.
-
Specification