Security process for public networks

US 5,978,918 A
Filed: 11/04/1997
Issued: 11/02/1999
Est. Priority Date: 01/17/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A transaction apparatus for securing an exchange between a sender and a receiver, the sender sending sender data that includes private data, said apparatus comprising:

a public network providing a communication medium between the sender and a receiver designated by the sender;

a local system trusted by the sender with sender data;

a transaction processor connected to the designated receiver by said public network; and

a nonpublic network connecting said local system and said transaction processor, said transaction processor receiving sender data from said local system over said nonpublic network and maintaining private data thereof in strict confidence while facilitating the exchange between the sender and the designated receiver over said public network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A practical method and system for supplementing or replacing current security protocols used on public networks involving the distribution of a proprietary system for use on a public network access provider'"'"'s network. The proprietary system includes processing hardware and proprietary software. The proprietary system transmits private data, outside the internet, over proprietary lines to a back-end process. When a "sender" sends private data it is sent over the proprietary system to a back-end process. The back-end process returns a time sensitive token which the "sender" sends to the "receiver". The "receiver" takes the time sensitive token and uses it to either retrieve the private data, over a proprietary system, or initiate a transaction with a financial institution. Encryption is used to allow authentication of the participants. This method can be used in conjunction with Secure Socket Layer (SSL) encryption and/or the Secure Electronic Transaction (SET) protocol.

102 Citations

View as Search Results

17 Claims

1. A transaction apparatus for securing an exchange between a sender and a receiver, the sender sending sender data that includes private data, said apparatus comprising:
- a public network providing a communication medium between the sender and a receiver designated by the sender;
  
  a local system trusted by the sender with sender data;
  
  a transaction processor connected to the designated receiver by said public network; and
  
  a nonpublic network connecting said local system and said transaction processor, said transaction processor receiving sender data from said local system over said nonpublic network and maintaining private data thereof in strict confidence while facilitating the exchange between the sender and the designated receiver over said public network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The transaction apparatus of claim 1, wherein the nonpublic network is selected from the group consisting of a dedicated telephone line, a private telephone line, a wireless data link, a wide area network, an optical network, a radio frequency data link, an intranet, a virtual private network, and combinations thereof.
  - 3. A transaction apparatus as claimed in claim 1 further comprising a token.
  - 4. A transaction apparatus as claimed in claim 3,wherein said token is time-sensitive.
  - 5. A transaction apparatus as claimed in claim 4,wherein said token expires according to coordinated universal time.
  - 6. A transaction apparatus as claimed in claim 3,wherein said token is encrypted.

7. A method of securing an exchange in a transaction conducted over a public network by a sender and a receiver designated by the sender, said method comprising the steps of:
- accessing said public network to designate a receiver;
  
  entrusting a trusted local system with sender data that includes data private to the sender;
  
  accessing a nonpublic network that connects said trusted local system with a transaction processor trusted to maintain private data in strict confidence;
  
  transmitting said sender data from said trusted local system to said trusted transaction processor whereby said transaction processor manages said private data in strict confidence while facilitating said transaction between the sender and the receiver.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. A method of securing transactions as claimed in claim 7, further comprising the steps of:
    - at said trusted transaction processor, generating a token in response to receipt of said sender data; and
      
      transmitting said token over said public network in lieu of said sender data.
  - 9. A method of securing transactions as claimed in claim 8,wherein said public network communicates said token to the receiver.
  - 10. A method of securing transactions as claimed in claim 9,wherein said token is time-sensitive.
  - 11. A method of securing transactions as claimed in claim 10, wherein said token expires according to coordinated universal time.
  - 12. A method of securing transactions as claimed in claim 11, further comprising the step of encrypting said token.
  - 13. A method of securing transactions as claimed in claim 7, wherein the nonpublic network is selected from the group consisting of a dedicated telephone line, a private telephone line, a wireless data link, a wide area network, an optical network, a radio frequency data link, an intranet, a virtual private network, and combinations thereof.
  - 14. A method of securing transactions as claimed in claim 7, further comprising the step of;
    - encrypting said sender data prior to the step of transmitting said sender data.
  - 15. A method of securing transactions as claimed in claim 12,wherein the step of encrypting employs a technique selected from the group consisting of digital encryption standard protocol, secure electronic transaction protocol, secure socket layer protocol, public key encryption protocol, symmetric key encryption protocol, Diffie-Hellman key agreement protocol, Ajtai-Dwork cryptosystem, and combinations thereof.
  - 16. A method of securing transactions as claimed in claim 14,wherein the step of encrypting employs a technique selected from the group consisting of digital encryption standard protocol, secure electronic transaction protocol, secure socket layer protocol, public key encryption protocol, symmetric key encryption protocol, Diffie-Hellman key agreement protocol, Ajtai-Dwork cryptosystem, and combinations thereof.
  - 17. A method of securing transactions as claimed in claim 11,wherein said coordinated universal time is generated by network time protocol or simple network time protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Secure-Net Corporation
Original Assignee
Secure-Net Corporation
Inventors
Scholnick, Michael, Schlesinger, John F.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/964,335
Time in Patent Office

728 Days
Field of Search

713/201, 713/202, 380/21, 380/23, 380/25, 380/4, 380/48, 380/49, 709/225, 709/229
US Class Current

726/10
CPC Class Codes

G06F 21/6263   during internet communicati...

G06Q 20/00   Payment architectures, sche...

G06Q 20/0855   involving a third party

H04L 63/04   for providing a confidentia...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/40   Network security protocols

Security process for public networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Security process for public networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links