Method and apparatus for authenticating participants in electronic commerce

US 6,351,812 B1
Filed: 08/07/2001
Issued: 02/26/2002
Est. Priority Date: 09/04/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for obtaining and storing on an electronic commerce participant'"'"'s network device digitally signed information that certifies the value of certain other information associated with the participant, including the validity of one or more of the participant'"'"'s credentials for delivery by the participant to other parties to the electronic commerce, thereby enabling the other party to validate the other information without consulting a third party, comprising the steps of:

receiving at a Validity Status Authority connected to a network an inquiry concerning the validity status of information associated with the participant;

checking, by the Validity Status Authority, whether the information is valid;

encoding a block of data (“

a Cookie”

) by the Validity Status Authority and transmitting the Cookie for embedding within the participant'"'"'s device, the Cookie including a plurality of attributes for validating the participant information such that the Cookie, when transmitted to another party during electronic commerce, will allow that other party to determine the validity of the other information associated with the participant without consulting a third party.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A participant (14) in electronic commerce can validate his/her own certificate (24, 31) by accessing an authority (28, 32) that checks whether the participant'"'"'s certificate is valid. If the certificate is valid, the authority embeds with the participant'"'"'s terminal (12) a block of data, in the form of a Cookie (28, 30) that includes a plurality of attributes indicative of the certificate, for example, the certificate'"'"'s date of expiration. When accessing a secure application (16), the participant presents both the certificate and the authenticating Cookie, obviating the need for a real-time inquiry to the authority, unless the Cookie is stale or missing.

132 Citations

19 Claims

1. A method for obtaining and storing on an electronic commerce participant'"'"'s network device digitally signed information that certifies the value of certain other information associated with the participant, including the validity of one or more of the participant'"'"'s credentials for delivery by the participant to other parties to the electronic commerce, thereby enabling the other party to validate the other information without consulting a third party, comprising the steps of:
- receiving at a Validity Status Authority connected to a network an inquiry concerning the validity status of information associated with the participant;
  
  checking, by the Validity Status Authority, whether the information is valid;
  
  encoding a block of data (“
  
  a Cookie”
  
  ) by the Validity Status Authority and transmitting the Cookie for embedding within the participant'"'"'s device, the Cookie including a plurality of attributes for validating the participant information such that the Cookie, when transmitted to another party during electronic commerce, will allow that other party to determine the validity of the other information associated with the participant without consulting a third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 19)
- - 2. The method according to claim 1 wherein the Status Authority receives an inquiry from the participant seeking validation of a public key certificate held by the participant.
  - 3. The method according to claim 2 wherein the Status Authority checks whether the public key certificate held by the participant constitutes a valid public key certificate.
  - 4. The method according to claim 2 wherein the Status Authority encodes the Cookie to include a plurality of attributes regarding the public key certificate.
  - 5. The method according to claim 4 wherein the Status Authority encodes the Cookie to includes an attribute that indicates the revocation status of the public key certificate.
  - 6. The method according to claim 4 wherein the Status Authority encodes the Cookie to include an attribute that indicates the date when the status of the public key certificate assumed its revocation status value.
  - 7. The method according to claim 1 wherein the Status Authority receives an inquiry regarding a participant'"'"'s status.
  - 8. The method according to claim 7 wherein the Status Authority encodes the Cookie to include a plurality of attributes indicative of the status of the participant.
  - 9. The method according to claim 7 wherein the Status Authority encodes the Cookie to include an attribute that indicates when the participant assumed its current status.
  - 10. The method according to claim 1 wherein the Status Authority receives an inquiry regarding a participant'"'"'s role.
  - 11. The method according to claim 10 wherein the Status Authority encodes the Cookie to include a plurality of attributes indicative of the participant'"'"'s role.
  - 12. The method according to claim 10 wherein the Status Authority encodes the Cookie to include an attribute that indicates when the participant assumed its role.
  - 13. The method according to claim 1 wherein the Status Authority receives an inquiry regarding a participant'"'"'s credit account.
  - 14. The method according to claim 13 wherein the Status Authority encodes the Cookie to include a plurality of attributes indicative of the participant'"'"'s credit account status.
  - 19. The method according to claim 1 further including the steps of:

15. A method for authenticating a participant in electronic commence to enable the participant to access an application on a network though the participant'"'"'s terminal, comprising the steps of:
- receiving at a Certificate Status Authority connected to a network an inquiry from a participant seeking authentication of a public key certificate held by the participant;
  
  checking, by the Certificate Status Authority, whether the public key certificate held by the participant is valid; and
  
  if so, encoding a first block of data (“
  
  a certificate Cookie”
  
  ) by the Certificate Status Authority and transmitting the certificate Cookie for embedding within the participant'"'"'s terminal, the Cookie including a plurality of attributes for validating the public key certificate held by the participant;
  
  receiving at an Associate Status Authority connected to the network an inquiry from a participant seeking the participant'"'"'s status;
  
  determining, by the Associate Status Authority, the participant'"'"'s status; and
  
  encoding a second block of data (“
  
  an Associate Status Cookie”
  
  ) by the Associate Status Authority and transmitting the Associate Status Cookie for embedding within the participant'"'"'s terminal, the Associate Status Cookie including a plurality of attributes including the participant'"'"'s status.

16. A system for electronic commerce that certifies the value of certain other information associated with a participant, including the validity of one or more of the participant'"'"'s credentials, to enable another party to validate the other information without consulting a third party, comprising:
- a Validity Status Authority connected to a network for receiving an inquiry the validity status of information associated with the participant and for checking whether the information is valid;
  
  means for encoding a block of data (“
  
  a Cookie”
  
  ) by the Validity Status Authority for transmitting the Cookie for embedding within a participant'"'"'s network device, the Cookie including a plurality of attributes for validating the participant information;
  
  means for transmitting the Cookie to another party during electronic commerce so that the other party can determine the validity of the other information associated with the participant without consulting a third party;
  
  means for redirecting the participant to the status authority for a Cookie refresh if the Cookie is deemed too stale by the other party; and
  
  means for returning the participant back to the other party with the now-refreshed Cookie.
- View Dependent Claims (17, 18)
- - 17. The system according to claim 16 wherein the participant'"'"'s network device comprises a terminal executing a web browser.
  - 18. The system according to claim 16 wherein the participant'"'"'s network device comprises a credit card and wherein the means for encoding the Cookie comprises a credit card reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Datar, Rajendra, Hurley, Daniel F., Prasad, Vishwa, West, Earle H.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/923,512
Time in Patent Office

203 Days
Field of Search

713/182, 713/155, 713/164, 713/165, 713/168, 713/169
US Class Current

713/182
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2103   Challenge-response

G06Q 30/06   Buying, selling or leasing ...

Method and apparatus for authenticating participants in electronic commerce

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

132 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating participants in electronic commerce

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links