Delegation of permissions in an electronic commerce system

US 6,523,012 B1
Filed: 05/21/1999
Issued: 02/18/2003
Est. Priority Date: 05/21/1999
Status: Expired due to Term

First Claim

Patent Images

1. An electronic system, comprising:

a delegator having rights to perform actions with scrip, and having a first delegation secret proving the rights held by the delegator, for delegating one or more rights to perform actions with the scrip; and

a delegatee for receiving the delegation of the one or more rights to perform actions with the scrip from the delegator, the delegatee receiving a second delegation secret derived from the first delegation secret, a delegation path from the delegator to the delegatee, a customer secret for the scrip, and the one or more rights delegated from the delegator to the delegatee, the second delegation secret proving the rights held by the delegatee.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic commerce system includes a broker computer system having a database of scrip representing a form of currency, a vendor computer system having a database containing products which may be exchanged for the scrip, a consumer computer system with which a user may initiate transactions with the scrip, and an agent computer system to which the consumer can delegate rights to perform actions with the scrip. To delegate actions on scrip, the delegator provides the delegatee with a delegation having a list of the delegated actions. In addition, the delegator determines a delegation scrip secret (DSS) and a delegation pass phrase (DPP) and securely passes these to the delegatee. The delegatee uses the DSS to authenticate itself to servers accepting the scrip and uses the DPP to encrypt the DSS while the scrip is stored by the delegatee. To perform an action with delegated scrip, the delegatee sends a request for the action to a server. The request includes the action, the scrip, the delegation, and a request stamp (RS) calculated using the DSS. The server validates the request by recalculating the RS. When server provides the delegatee with new scrip having multiple delegations, the server encrypts the new DSS'"'"'s for each delegation. The delegates uses the old DSS'"'"'s to decrypt the DSS'"'"'s for the new scrip. The delegatee stores the encrypted DSS for delegations for which the delegatee does not know the DSS.

149 Citations

19 Claims

1. An electronic system, comprising:
- a delegator having rights to perform actions with scrip, and having a first delegation secret proving the rights held by the delegator, for delegating one or more rights to perform actions with the scrip; and
  
  a delegatee for receiving the delegation of the one or more rights to perform actions with the scrip from the delegator, the delegatee receiving a second delegation secret derived from the first delegation secret, a delegation path from the delegator to the delegatee, a customer secret for the scrip, and the one or more rights delegated from the delegator to the delegatee, the second delegation secret proving the rights held by the delegatee.
- View Dependent Claims (2, 3)
- - 2. The electronic system of claim 1, wherein the first delegation secret is derived from the customer secret for the scrip and the rights to perform actions with the scrip held by the delegator.
  - 3. The electronic system of claim 1, wherein the delegator generates, and the delegatee receives, a delegation pass phrase for encrypting the second delegation secret.

4. A method of using delegated scrip, comprising the steps of:
- receiving scrip, a set of delegated actions for the scrip, and an encrypted delegation scrip secret reflecting the set of delegated actions for the scrip;
  
  receiving a nonce;
  
  decrypting the encrypted delegation scrip secret with the nonce and a previously received delegation scrip secret;
  
  performing one of the actions in the set of delegated actions on the scrip; and
  
  proving the right to perform the action with the decrypted delegation scrip secret.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4, wherein the step of performing one of the actions in the set of delegated actions on the scrip comprises the step of:
6. The method of claim 5, wherein the step of proving the right to perform the action with the decrypted delegation scrip secret comprises the steps of:
- calculating a request stamp for the message with the decrypted delegation scrip secret; and
  
  sending the request stamp.
7. The method of claim 6, wherein the step of calculating a request stamp for the message comprises the step of:
- calculating the request stamp from the action to be performed on the scrip, the scrip, the set of delegated actions for the scrip, and the decrypted delegation scrip secret.
8. The method of claim 4, wherein computer instructions for performing the method steps are stored on a computer-readable medium.

9. A method of delegating scrip, comprising the steps of:
- providing the scrip to a delegates;
  
  providing a delegation to the delegatee, the delegation granting the delegates the right to perform a set of actions with the scrip; and
  
  providing a delegation scrip secret for the delegation to the delegatee, the delegation scrip secret enabling the delegatee to validate that the delegates has the delegation, the delegation scrip secret derived from a delegation path from a delegator to the delegates, a customer secret for the scrip, and the set of actions granted to the delegatee.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the step of providing the delegation to the delegatee comprises the steps of:
11. The method of claim 9, further comprising the steps of:
- determining a delegation pass phrase; and
  
  securely providing the delegation pass phrase to the delegatee.
12. The method of claim 9, wherein computer instructions for performing the method steps are stored on a computer-readable medium.

13. A method of validating a request to perform an action with scrip, comprising the steps of:
- receiving the request to perform the action with the scrip, the request accompanied by a delegation and a first request stamp;
  
  determining a customer secret for the scrip;
  
  calculating a second request stamp from the customer secret, the delegation, and the scrip;
  
  determining whether the first request stamp matches the second request stamp;
  
  performing the requested action responsive to a positive determination that the first request stamp matches the second request stamp;
  
  providing new scrip responsive to the performance of the requested action;
  
  calculating at least one new delegation secret for the new scrip;
  
  securely transmitting the at least one new delegation secret;
  
  encrypting the at least one new delegation secret with the delegation, the scrip, a nonce, and the new scrip; and
  
  transmitting the delegation, the nonce, and the encrypted new delegation secret.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the calculating step comprises the steps of:
15. The method of claim 13, wherein the delegation comprises a plurality of separate delegations and wherein the steps of providing new scrip and calculating at least one new delegation secret are performed for each of the plurality of separate delegations.
16. The method of claim 13 wherein computer instructions for performing the method steps are stored on a computer-readable medium.

17. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in the memory, the data structure holding information for use in an electronic commerce system, the information comprising;
  
  a scrip representing a unit of exchange in the electronic commerce system;
  
  a delegation for specifying an action that the application program can perform with the scrip; and
  
  an encrypted delegation scrip secret, the delegation scrip secret for validating the action specified by the delegation and derived from a delegation path from a delegator to a delegatee, a customer secret for the scrip, and the delegation.
- View Dependent Claims (18, 19)
- - 18. The memory of claim 17, wherein the information further comprises:
19. The memory of claim 17, wherein the information further comprises:
- the customer secret for the scrip, wherein the customer secret is encrypted and wherein the decrypted customer secret represents a root delegation for the scrip; and
  
  a second nonce for decrypting the customer secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Glassman, Steven C., Manasse, Mark S.
Primary Examiner(s)
Dixon, Thomas A.

Application Number

US09/316,625
Time in Patent Office

1,369 Days
Field of Search

705/75, 705/35, 705/67, 705/26, 705/40, 705/44, 235/379
US Class Current

705/75
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/06   Private payment circuits, e...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

Delegation of permissions in an electronic commerce system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Delegation of permissions in an electronic commerce system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links