Secure electronic transactions using a trusted intermediary

US 6,161,181 A
Filed: 03/06/1998
Issued: 12/12/2000
Est. Priority Date: 03/06/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for use with a communication network to securely transmit a message thereover from a sender to a recipient, comprising:

a transmitter havingfirst logic to receive the message from a user and to form an encrypted inner envelope using a first cryptographic algorithm, the encrypted inner envelope containing the message in an encrypted form decryptable by the recipient;

second logic to form a first information structure associated with the inner envelope, the first information structure containing data identifying the recipient as a destination;

third logic to form an encrypted first information structure using a second cryptographic algorithm, the encrypted first information structure, containing the first information structure in an encrypted form decryptable by the intermediary, wherein the second cryptographic algorithm is different than the first cryptographic algorithm;

fourth logic to receive the encrypted inner envelope and encrypted first information structure and to transmit them as a first package on the communication network;

an intermediary havingfifth logic to receive the first package and to decrypt the encrypted first information structure, using the second cryptographic algorithm, to determine the identifying data;

sixth logic to form a second package, the second package containing the encrypted inner envelope;

seventh logic to inform the recipient of the second package;

a receiver havingeighth logic to obtain the second package; and

ninth logic to decrypt the inner envelope, using the first cryptographic algorithm, to recover the message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure electronic transactions using a Trusted Intermediary. A system for, and method of, securely transmitting a package from a sender to a recipient, via an intermediary, are described, along with a novel data arrangement, stored in a computer-readable medium. A sender encrypts the message to form an encrypted inner envelope. A waybill is formed that among other things identifies the recipient as the destination and includes information indicating various levels of services desired, e.g., electronic notarization. The waybill and inner envelope are used to form an encrypted outer envelope that is addressed to a trusted intermediary. The intermediary receives the package and decrypts the outer envelope. It is unable to decrypt the inner envelope, due to the keys employed during encryption. The service information is processed, and the package is used to form a second package addressed to the recipient. The recipient decrypts the package and confirms receipt thereof, using a digest of the message. In this way, receipt of the message cannot be properly repudiated by the recipient. An extra level of encryption to form an outer envelope from the intermediary to the recipient may be included, and the various envelopes and confirmation digests may be signed so that the contents and identities may be authenticated.

371 Citations

32 Claims

1. A system for use with a communication network to securely transmit a message thereover from a sender to a recipient, comprising:
- a transmitter havingfirst logic to receive the message from a user and to form an encrypted inner envelope using a first cryptographic algorithm, the encrypted inner envelope containing the message in an encrypted form decryptable by the recipient;
  
  second logic to form a first information structure associated with the inner envelope, the first information structure containing data identifying the recipient as a destination;
  
  third logic to form an encrypted first information structure using a second cryptographic algorithm, the encrypted first information structure, containing the first information structure in an encrypted form decryptable by the intermediary, wherein the second cryptographic algorithm is different than the first cryptographic algorithm;
  
  fourth logic to receive the encrypted inner envelope and encrypted first information structure and to transmit them as a first package on the communication network;
  
  an intermediary havingfifth logic to receive the first package and to decrypt the encrypted first information structure, using the second cryptographic algorithm, to determine the identifying data;
  
  sixth logic to form a second package, the second package containing the encrypted inner envelope;
  
  seventh logic to inform the recipient of the second package;
  
  a receiver havingeighth logic to obtain the second package; and
  
  ninth logic to decrypt the inner envelope, using the first cryptographic algorithm, to recover the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 30)
- - 2. The system of claim 1 wherein the third logic cooperates with the first logic to encrypt the encrypted inner envelope, using the second cryptographic algorithm, after the first logic has formed the encrypted inner envelope.
  - 3. The system of claim 2wherein the first cryptographic algorithm uses a first symmetric algorithm and first secret key, and wherein the first logic encrypts the first secret key, using a public key associated with the recipient, and includes the encrypted first secret key in the encrypted inner envelope, andwherein the ninth logic decrypts the encrypted first secret key using a private key associated with the recipient, and uses the decrypted first secret key and the first symmetric algorithm to decrypt the message contained in the second package.
  - 4. The system of claim 2wherein the second cryptographic algorithm uses a second symmetric algorithm and second secret key, and wherein the third logic encrypts the second secret key, using a public key associated with the intermediary, and includes the encrypted second secret key with the encrypted information structure, andwherein the fifth logic decrypts the encrypted second secret key using a private key associated with the intermediary, and uses the decrypted second secret key and the second symmetric algorithm to decrypt the information structure contained in the first package.
  - 5. The system of claim 1wherein the transmitter further includes tenth logic to form a first digital signature, decryptable by the intermediary, based on the first package, and to include the first digital signature in the first package;
    - andwherein the intermediary further includes eleventh logic to authenticate the first package based on the first digital signature.
  - 6. The system of claim 1wherein the intermediary further includes twelfth logic to form a second digital signature, decryptable by the recipient, based on the second package, and to include the second digital signature in the second package;
    - andwherein the receiver further includes thirteenth logic to authenticate the second package based on the second digital signature.
  - 7. The system of claim 1wherein the intermediary further includes fourteenth logic to form a second information structure;
    - wherein the sixth logic includes logic to encrypt the second information structure and the encrypted inner envelope, using a third cryptographic algorithm;
      
      wherein the ninth logic includes logic to decrypt the second package, using the third cryptographic algorithm to recover the second information structure; and
      
      wherein the second and third predetermined cryptographic algorithms are different.
  - 8. The system of claim 7 wherein the first and third cryptographic algorithms are different.
  - 9. The system of claim 7 wherein the sixth logic operates to encrypt the encrypted inner envelope and the second information structure, using the third cryptographic algorithm.
  - 10. The system of claim 7wherein the third cryptographic algorithm uses a third symmetric algorithm and third secret key, and wherein the sixth logic encrypts the third secret key, using a public key associated with the recipient, and includes the encrypted third secret key in the second package;
    - andwherein the ninth logic decrypts the encrypted third secret key using a private key associated with the recipient, and uses the decrypted third secret key and the third symmetric algorithm to decrypt the second package to recover the second information structure contained in the second package.
  - 11. The system of claim 7wherein the transmitter further includes fifteenth logic to form a third digital signature, decryptable by the recipient, based on the second package, and to include the third digital signature in the second package;
    - andwherein the receiver further includes sixteenth logic to authenticate the second package based on the third digital signature.
  - 12. The system of claim 7wherein the first logic includes logic to form a fourth digital signature based on the message and to include the fourth digital signature in the encrypted inner envelope;
    - andwherein the receiver further includes seventeenth logic to authenticate the message contained in the second package based on the fourth digital signature.
  - 13. The system of claim 3 wherein the first symmetric algorithm is RC5 block cipher encryption.
  - 14. The system of claim 4 wherein the first symmetric algorithm is RC2 block cipher encryption.
  - 15. The system of claim 10 wherein the first symmetric algorithm is Triple DES block cipher encryption.
  - 16. The system of claim 10wherein the first information structure contains data identifying the recipient and another recipient as ultimate destinations;
    - wherein the fourteenth logic includes logic to form a second information structure associated with the recipient and a second information structure associated with the other recipient; and
      
      wherein the sixth logic encrypts the third secret key, using a public key associated with the recipient, and includes the encrypted third secret key in a second package, having the second information structure associated with the recipient, to be sent to the recipient, and encrypts the third secret key, using a public key associated with the other recipient, and includes the encrypted third secret key in a second package, having the second information structure associated with the other recipient, to be sent to the other recipient.
  - 30. The system of claim 1 further comprising a HTTP server and wherein the HTTP server includes logic for obtaining and storing the second package, and wherein the eight logic includes logic for downloading the second package from the HTTP server.

17. An arrangement of data stored in a computer-readable medium for containing a message in a secure manner so that it may be transmitted on a communication network from a sender to a recipient, the stored data arrangement comprising:
- an encrypted inner envelope, containing the message and a digital signature based on the message and the sender;
  
  an encrypted outer envelope, containing the encrypted inner envelope;
  
  a waybill information structure that includes information identifying the sender as an originator of the message, information identifying the recipient as a destination of the message, and information uniquely identifying the data arrangement; and
  
  a digital signature based on the encrypted inner envelope, the waybill information structure and on an identity of an entity transmitting the data arrangement.

18. A method of securely transmitting a message from a sender to a recipient, via an intermediary, the method comprising the steps of:
- (a) receiving the message from the sender and using a first cryptographic algorithm to form an encrypted inner envelope, containing the message and decryptable by the recipient;
  
  (b) forming a first information structure, associated with the inner envelope, containing data identifying the recipient as a destination;
  
  (c) using a second cryptographic algorithm, to form an encrypted information structure, decryptable by the intermediary, wherein the second cryptographic algorithm is different than the first cryptographic algorithm;
  
  (d) receiving the encrypted inner envelope and encrypted first information structure and transmitting them as a first package on the communication network;
  
  (e) receiving the first package and using the second cryptographic algorithm to decrypt the encrypted first information structure to determine the identifying data;
  
  (f) forming a second package, containing the encrypted inner envelope;
  
  (g) transmitting the second package on the network;
  
  (h) receiving the second package; and
  
  (i) decrypting the inner envelope, using the first cryptographic algorithm, to recover the message and to present it to the recipient.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The method of claim 18 wherein step (c) is performed subsequently to step (a) and wherein step (c) encrypts the encrypted inner envelope, using the second cryptographic algorithm, after step (a) has encrypted the message, using the first cryptographic algorithm.
  - 20. The method of claim 19wherein step (a) uses a first symmetric algorithm and first secret key to encrypt the message, and encrypts the first secret key, using a public key associated with the recipient, and includes the encrypted first secret key in the encrypted inner envelope;
    - andwherein step (i) decrypts the encrypted first secret key using a private key associated with the recipient, and uses the decrypted first secret key and the first asymmetric algorithm to decrypt the message contained in the second package.
  - 21. The method of claim 19wherein step (c) uses a second symmetric algorithm and second secret key to encrypt the first information structure, and encrypts the second secret key, using a public key associated with the intermediary, and includes the encrypted second secret key with the encrypted information structure;
    - andwherein step (e) decrypts the encrypted second secret key using a private key associated with the intermediary, and uses the decrypted second secret key and the second symmetric algorithm to decrypt the information structure contained in the first package.
  - 22. The method of claim 18 further comprising the steps of(j) forming a first digital signature, decryptable by the intermediary, based on the first package, and including the first digital signature in the first package;
    - and(k) authenticating the first package, received in step (e), based on the first digital signature.
  - 23. The method of claim 18 further comprising the steps of(l) forming a second digital signature, decryptable by the recipient, based on the second package, and including the second digital signature in the second package;
    - and(m) authenticating the second package, received in step (h), based on the second digital signature.
  - 24. The method of claim 18 further comprising the steps of(n) forming a second information structure;
    - (o) encrypting the second information structure and the encrypted inner envelope, using a third cryptographic algorithm; and
      
      wherein step (h) decrypts the second package, using the third cryptographic algorithm to recover the second information structure; and
      
      wherein the second and third predetermined cryptographic algorithms are different.
  - 25. The method of claim 24 wherein the first and third cryptographic algorithms are different.
  - 26. The method of claim 24wherein step (o) uses a third symmetric algorithm and third secret key, and wherein step (f) encrypts the third secret key, using a public key associated with the recipient, and includes the encrypted third secret key in the second package, andwherein step (i) decrypts the encrypted third secret key using a private key associated with the recipient, and uses the decrypted third secret key and the third symmetric algorithm to decrypt the second package to recover the second information structure contained in the second package.
  - 27. The method of claim 24 further comprising the steps of(p) forming a third digital signature, decryptable by the recipient, based on the second package, and including the third digital signature in the second package;
    - and(q) authenticating the second package, received in step (h) based on the third digital signature.
  - 28. The method of claim 24wherein step (a) forms a fourth digital signature based on the message and includes the fourth digital signature in the encrypted inner envelope, andwherein the method further comprises the step of(r) authenticating the message contained in the second package based on the fourth digital signature.
  - 29. The method of claim 26wherein step (b) forms the first information structure to contain data identifying the recipient and another recipient as destinations,wherein step (n) forms a second information structure associated with the recipient and a second information structure associated with the other recipient;
    - andwherein step (o) encrypts the third secret key, using a public key associated with the recipient, and includes the encrypted third secret key in a second package, having the second information structure associated with the recipient, to be sent to the recipient, and encrypts the third secret key, using a public key associated with the other recipient, and includes the encrypted third secret key in a second package, having the second information structure associated with the other recipient, to be sent to the other recipient.

31. A system for use with a communication network to securely transmit a message thereover from a sender to a recipient, comprising:
- a first logic to receive the a first package, wherein;
  
  the first package includes at least an inner envelope encrypted using a first cryptographic algorithm and decryptable by the receiver and a first information structure containing data identifying the recipient as a destination, the first information structure encrypted using a second cryptographic algorithm;
  
  the second cryptographic algorithm is different than the first cryptographic algorithm; and
  
  the first logic is capable of decrypting the encrypted first information structure, using the second cryptographic algorithm, to determine the identifying data;
  
  a second logic to form a second package, the second package containing the encrypted inner envelope; and
  
  a third logic to inform the recipient of the second package.

32. A method of securely transmitting a message from a sender to a recipient, via an intermediary, the method comprising the steps of:
- receiving a first package, wherein;
  
  the first package includes at least an inner envelope encrypted using a first cryptographic algorithm and decryptable by the receiver and a first information structure containing data identifying the recipient as a destination, the first information structure encrypted using a second cryptographic algorithm; and
  
  the second cryptographic algorithm is different than the first cryptographic algorithm;
  
  decrypting the encrypted first information structure, using the second cryptographic algorithm, to determine the identifying data;
  
  forming a second package, the second package containing the encrypted inner envelope; and
  
  informing the recipient of the second package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deloitte & Touche USA LLP (Deloitte & Touche)
Original Assignee
Deloitte & Touche USA LLP (Deloitte & Touche)
Inventors
Prabhu, Ajit Mathias, Cantone, Michael Robert, Haynes, III, Patrick J., Friedman, Thomas Jay, Shoupp, Douglas Scott, Mitty, Todd Jay
Primary Examiner(s)
Peeso, Thomas R.
Assistant Examiner(s)
JACK, TODD M

Application Number

US09/036,175
Time in Patent Office

1,012 Days
Field of Search

380/37, 705/64, 713/176, 713/170, 713/153
US Class Current

713/170
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 51/00   User-to-user messaging in p...

H04L 63/045   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Secure electronic transactions using a trusted intermediary

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

371 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Secure electronic transactions using a trusted intermediary

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

371 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links