Delegation of permissions in an electronic commerce system
Abstract
An electronic commerce system includes a broker computer system having a database of scrip representing a form of currency, a vendor computer system having a database containing products which may be exchanged for the scrip, a consumer computer system with which a user may initiate transactions with the scrip, and an agent computer system to which the consumer can delegate rights to perform actions with the scrip. To delegate actions on scrip, the delegator provides the delegatee with a delegation having a list of the delegated actions. In addition, the delegator determines a delegation scrip secret (DSS) and a delegation pass phrase (DPP) and securely passes these to the delegatee. The delegatee uses the DSS to authenticate itself to servers accepting the scrip and uses the DPP to encrypt the DSS while the scrip is stored by the delegatee. To perform an action with delegated scrip, the delegatee sends a request for the action to a server. The request includes the action, the scrip, the delegation, and a request stamp (RS) calculated using the DSS. The server validates the request by recalculating the RS. When the server provides the delegatee with new scrip having multiple delegations, the server encrypts the new DSS's for each delegation. The delegatee uses the old DSS's to decrypt the DSS's for the new scrip. The delegatee stores the encrypted DSS for delegations for which the delegatee does not know the DSS.
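The request-stamp check described above, using the hash chain recited in claims 13 and 14, as an added sketch that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified hash, the field encoding and all function names are hypothetical, the multi-hop case folds one hash per delegation, and the rule that an action must appear in every hop is an assumed policy.

```python
import hashlib
import hmac

def _h(key, *fields):
    # Assumption: HMAC-SHA256 stands in for the page's unspecified hash; each
    # field is length-prefixed so field boundaries cannot be shifted.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(4, "big") + f)
    return mac.digest()

def delegation_secret(parent_secret, actions):
    """One hop: the delegatee's secret from the delegator's secret and granted actions."""
    return _h(parent_secret, *(a.encode() for a in sorted(actions)))

def path_secret(customer_secret, path):
    """Server side: fold the customer secret (root) along the delegation path."""
    secret = customer_secret
    for actions in path:
        secret = delegation_secret(secret, actions)
    return secret

def encode_delegation(path):
    # Hypothetical wire form of the delegation: one action list per hop.
    return "|".join(",".join(sorted(hop)) for hop in path).encode()

def request_stamp(dss, action, scrip, path):
    """RS = hash of the delegation secret with the action, the scrip, the delegation."""
    return _h(dss, action.encode(), scrip, encode_delegation(path))

def validate(customer_secret, action, scrip, path, stamp):
    # Assumed policy: the action must appear in every hop's list (rights only narrow).
    if not path or any(action not in hop for hop in path):
        return False
    expected = request_stamp(path_secret(customer_secret, path), action, scrip, path)
    return hmac.compare_digest(expected, stamp)  # constant-time comparison

if __name__ == "__main__":
    cs, scrip = b"constructed-customer-secret", b"scrip:constructed:100"  # constructed
    consumer_path = [["spend", "refund"]]
    agent_path = consumer_path + [["spend"]]
    # The consumer derives the agent's DSS without revealing its own secret.
    agent_dss = delegation_secret(path_secret(cs, consumer_path), ["spend"])
    ok = request_stamp(agent_dss, "spend", scrip, agent_path)
    print(validate(cs, "spend", scrip, agent_path, ok))
    forged = consumer_path + [["spend", "refund"]]  # agent widens its own hop
    bad = request_stamp(agent_dss, "refund", scrip, forged)
    print(validate(cs, "refund", scrip, forged, bad))
```

Because the server recomputes the secret from the customer secret along the presented path, a delegatee that rewrites its own action list produces a stamp under the wrong key and the request is rejected.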
149 Citations
19 Claims
1. An electronic system, comprising:
a delegator having rights to perform actions with scrip, and having a first delegation secret proving the rights held by the delegator, for delegating one or more rights to perform actions with the scrip; and
a delegatee for receiving the delegation of the one or more rights to perform actions with the scrip from the delegator, the delegatee receiving a second delegation secret derived from the first delegation secret, a delegation path from the delegator to the delegatee, a customer secret for the scrip, and the one or more rights delegated from the delegator to the delegatee, the second delegation secret proving the rights held by the delegatee.
4. A method of using delegated scrip, comprising the steps of:
receiving scrip, a set of delegated actions for the scrip, and an encrypted delegation scrip secret reflecting the set of delegated actions for the scrip;
receiving a nonce;
decrypting the encrypted delegation scrip secret with the nonce and a previously received delegation scrip secret;
performing one of the actions in the set of delegated actions on the scrip; and
proving the right to perform the action with the decrypted delegation scrip secret.

sending a message comprising:
the action to be performed on the scrip;
the scrip; and
the set of delegated actions for the scrip.
6. The method of claim 5, wherein the step of proving the right to perform the action with the decrypted delegation scrip secret comprises the steps of:
calculating a request stamp for the message with the decrypted delegation scrip secret; and
sending the request stamp.
7. The method of claim 6, wherein the step of calculating a request stamp for the message comprises the step of:
calculating the request stamp from the action to be performed on the scrip, the scrip, the set of delegated actions for the scrip, and the decrypted delegation scrip secret.
8. The method of claim 4, wherein computer instructions for performing the method steps are stored on a computer-readable medium.
9. A method of delegating scrip, comprising the steps of:
providing the scrip to a delegatee;
providing a delegation to the delegatee, the delegation granting the delegatee the right to perform a set of actions with the scrip; and
providing a delegation scrip secret for the delegation to the delegatee, the delegation scrip secret enabling the delegatee to validate that the delegatee has the delegation, the delegation scrip secret derived from a delegation path from a delegator to the delegatee, a customer secret for the scrip, and the set of actions granted to the delegatee.

appending a list of the set of actions granted to the delegatee with a delegation held by the delegator to form a new delegation; and
providing the new delegation to the delegatee.
11. The method of claim 9, further comprising the steps of:
determining a delegation pass phrase; and
securely providing the delegation pass phrase to the delegatee.
12. The method of claim 9, wherein computer instructions for performing the method steps are stored on a computer-readable medium.
13. A method of validating a request to perform an action with scrip, comprising the steps of:
receiving the request to perform the action with the scrip, the request accompanied by a delegation and a first request stamp;
determining a customer secret for the scrip;
calculating a second request stamp from the customer secret, the delegation, and the scrip;
determining whether the first request stamp matches the second request stamp;
performing the requested action responsive to a positive determination that the first request stamp matches the second request stamp;
providing new scrip responsive to the performance of the requested action;
calculating at least one new delegation secret for the new scrip;
securely transmitting the at least one new delegation secret;
encrypting the at least one new delegation secret with the delegation, the scrip, a nonce, and the new scrip; and
transmitting the delegation, the nonce, and the encrypted new delegation secret.

hashing the customer secret with the delegation to form a delegation secret; and
hashing the delegation secret with the action, the scrip, and the delegation to form the second request stamp.
15. The method of claim 13, wherein the delegation comprises a plurality of separate delegations and wherein the steps of providing new scrip and calculating at least one new delegation secret are performed for each of the plurality of separate delegations.
16. The method of claim 13 wherein computer instructions for performing the method steps are stored on a computer-readable medium.
17. A memory for storing data for access by an application program being executed on a data processing system, comprising:
a data structure stored in the memory, the data structure holding information for use in an electronic commerce system, the information comprising:
a scrip representing a unit of exchange in the electronic commerce system;
a delegation for specifying an action that the application program can perform with the scrip; and
an encrypted delegation scrip secret, the delegation scrip secret for validating the action specified by the delegation and derived from a delegation path from a delegator to a delegatee, a customer secret for the scrip, and the delegation.

a first nonce for decrypting the delegation scrip secret.
19. The memory of claim 17, wherein the information further comprises:
the customer secret for the scrip, wherein the customer secret is encrypted and wherein the decrypted customer secret represents a root delegation for the scrip; and
a second nonce for decrypting the customer secret.