Method and system for a virtual safe

US 6,941,285 B2
Filed: 10/11/2002
Issued: 09/06/2005
Est. Priority Date: 04/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of performing a secure electronic commerce transaction over a network using a smart card, said network having a client terminal, a merchant server, a payment server, and an authentication server, said smart card being a physical smart card or a virtual smart card, said smart card being associated with a user at said client terminal, said smart card having associated smart card information, said smart card information including an account balance, said smart card information being stored at said client terminal and at said authentication server, said method comprising the steps of:

sending a transaction request message from said client terminal to said merchant server identifying a product for said transaction, said product having associated product information, said product information being displayed on a first web page supported by said merchant server, said user being able to view said web page at said client terminal using a browser;

said transaction request message being sent via a Transaction Fulfilment Mechanism (TFM) module consisting of a set of fraud management heuristics that are invoked in a progression that leads to a final fulfillment condition, said fulfillment condition dictating what type of delivery is to be made and associated criteria for completion of said transaction;

sending transaction information from said merchant server to said client terminal in response to said transaction request message, said transaction information being contained in a second web page generated by said merchant server and displayable to said user through said browser, said transaction information including a price for said product, an IP address of said payment server, a transaction identifier, and a merchant identifier, said transaction identifier for tracking said transaction by said merchant server and by said payment server, said merchant identifier for tracking said transaction by said client terminal and said payment server;

receiving a user identifier and a PIN from said user at said client terminal for authorizing said transaction;

sending said user identifier, said PIN, and said transaction information from said client terminal to said authentication server;

comparing said price of said product to said account balance for said smart card at said authentication server to determine if said transaction can proceed, said account balance being stored at said authentication server and being accessed using said user identifier and said PIN, said transaction being terminated and a first termination message being sent from said authentication server to said client terminal for display to said user if said price exceeds said account balance by a predetermined amount;

sending a draw request message from said authentication server to said payment server using said IP address of said payment server, said draw request message containing said transaction information;

sending said draw request message from said payment server to said client terminal;

sending a debit request message from said client terminal to said payment server in response to said draw request message, said debit request message including a first digital signature, said first digital signature for verifying that said debit request message originated from said client terminal, said first digital signature being generated at said client terminal using said smart card information stored at said client terminal;

sending said debit request message from said payment server to said authentication server;

comparing at said authentication server said first digital signature contained in said debit request message to a first check digital signature generated at said authentication server using said smart card information stored at said authentication server to determine if said transaction can proceed, said transaction being terminated and a second termination message being sent from said authentication server to said client terminal for display to said user if said first digital signature does not match said first check digital signature;

updating said smart card information by debiting said account balance by paid price to produce an updated account balance and storing said updated account balance at said authentication server;

sending a debit response message from said authentication server to said payment server, said debit response message including a second digital signature, said second digital signature for verifying that said debit response message originated from said authentication server and for verifying that said account balance has been debited, said second digital signature being generated at said authentication server using said smart card information stored at said authentication server;

sending said debit response message from said payment server to said client terminal;

comparing at said client terminal said second digital signature contained in said debit response message to a second check digital signature generated at said client terminal using said smart card information stored at said client terminal, said smart card information stored at said client terminal including an expected updated account balance, to determine if said transaction can proceed, said transaction being terminated and a third termination message being displayed to said user if said second digital signature does not match said second check digital signature;

updating said smart card information by debiting said account balance by paid price to produce an updated account balance and storing said updated account balance at said client terminal;

sending a verification response message from said client terminal to said payment server, said verification response message including an indication that said second digital signature matches said second check digital signature and that said transaction can proceed;

logging said indication and said transaction information at said payment server;

sending a debit result message from said payment server to said authentication server, said debit result message for confirming that said transaction has been logged and that said transaction can proceed, said debit result message including said indication and said transaction information;

logging said debit result message at said authentication server;

sending said debit result message from said authentication server to said client terminal to confirm that said transaction has been logged and that said transaction can proceed;

sending said debit result message from said client terminal to said merchant server to confirm that said transaction has been logged and that said product can be released to said user; and

, sending a purchase receipt message from said merchant server to said client terminal, said purchase receipt message indicating that said product has been released to said user, thereby completing said secure electronic commerce transaction;

wherein all of said transaction communications are routed through a secure component (Crypto Engine CEV) module which interconnects software modules and assures management of multi-identities, strong authentication, user consent, anonymity, accountability, reporting and privacy compliance.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transaction server for performing a transaction over a network using a virtual smart card the server comprising, a virtual smart card database having a plurality of records each record including a virtual card identification and a value corresponding to a single virtual smart card; a security module; an emulator for emulating a smart card, the emulator for receiving smart card commands and processing the commands in conjunction with the virtual smart card database and the security module; and a virtual card reader module for receiving the smart card commands and relaying the commands to the smart card emulator whereby transactions are performed over the network using one or more the records and the virtual smart card database.

436 Citations

16 Claims

1. A method of performing a secure electronic commerce transaction over a network using a smart card, said network having a client terminal, a merchant server, a payment server, and an authentication server, said smart card being a physical smart card or a virtual smart card, said smart card being associated with a user at said client terminal, said smart card having associated smart card information, said smart card information including an account balance, said smart card information being stored at said client terminal and at said authentication server, said method comprising the steps of:
- sending a transaction request message from said client terminal to said merchant server identifying a product for said transaction, said product having associated product information, said product information being displayed on a first web page supported by said merchant server, said user being able to view said web page at said client terminal using a browser;
  
  said transaction request message being sent via a Transaction Fulfilment Mechanism (TFM) module consisting of a set of fraud management heuristics that are invoked in a progression that leads to a final fulfillment condition, said fulfillment condition dictating what type of delivery is to be made and associated criteria for completion of said transaction;
  
  sending transaction information from said merchant server to said client terminal in response to said transaction request message, said transaction information being contained in a second web page generated by said merchant server and displayable to said user through said browser, said transaction information including a price for said product, an IP address of said payment server, a transaction identifier, and a merchant identifier, said transaction identifier for tracking said transaction by said merchant server and by said payment server, said merchant identifier for tracking said transaction by said client terminal and said payment server;
  
  receiving a user identifier and a PIN from said user at said client terminal for authorizing said transaction;
  
  sending said user identifier, said PIN, and said transaction information from said client terminal to said authentication server;
  
  comparing said price of said product to said account balance for said smart card at said authentication server to determine if said transaction can proceed, said account balance being stored at said authentication server and being accessed using said user identifier and said PIN, said transaction being terminated and a first termination message being sent from said authentication server to said client terminal for display to said user if said price exceeds said account balance by a predetermined amount;
  
  sending a draw request message from said authentication server to said payment server using said IP address of said payment server, said draw request message containing said transaction information;
  
  sending said draw request message from said payment server to said client terminal;
  
  sending a debit request message from said client terminal to said payment server in response to said draw request message, said debit request message including a first digital signature, said first digital signature for verifying that said debit request message originated from said client terminal, said first digital signature being generated at said client terminal using said smart card information stored at said client terminal;
  
  sending said debit request message from said payment server to said authentication server;
  
  comparing at said authentication server said first digital signature contained in said debit request message to a first check digital signature generated at said authentication server using said smart card information stored at said authentication server to determine if said transaction can proceed, said transaction being terminated and a second termination message being sent from said authentication server to said client terminal for display to said user if said first digital signature does not match said first check digital signature;
  
  updating said smart card information by debiting said account balance by paid price to produce an updated account balance and storing said updated account balance at said authentication server;
  
  sending a debit response message from said authentication server to said payment server, said debit response message including a second digital signature, said second digital signature for verifying that said debit response message originated from said authentication server and for verifying that said account balance has been debited, said second digital signature being generated at said authentication server using said smart card information stored at said authentication server;
  
  sending said debit response message from said payment server to said client terminal;
  
  comparing at said client terminal said second digital signature contained in said debit response message to a second check digital signature generated at said client terminal using said smart card information stored at said client terminal, said smart card information stored at said client terminal including an expected updated account balance, to determine if said transaction can proceed, said transaction being terminated and a third termination message being displayed to said user if said second digital signature does not match said second check digital signature;
  
  updating said smart card information by debiting said account balance by paid price to produce an updated account balance and storing said updated account balance at said client terminal;
  
  sending a verification response message from said client terminal to said payment server, said verification response message including an indication that said second digital signature matches said second check digital signature and that said transaction can proceed;
  
  logging said indication and said transaction information at said payment server;
  
  sending a debit result message from said payment server to said authentication server, said debit result message for confirming that said transaction has been logged and that said transaction can proceed, said debit result message including said indication and said transaction information;
  
  logging said debit result message at said authentication server;
  
  sending said debit result message from said authentication server to said client terminal to confirm that said transaction has been logged and that said transaction can proceed;
  
  sending said debit result message from said client terminal to said merchant server to confirm that said transaction has been logged and that said product can be released to said user; and
  
  , sending a purchase receipt message from said merchant server to said client terminal, said purchase receipt message indicating that said product has been released to said user, thereby completing said secure electronic commerce transaction;
  
  wherein all of said transaction communications are routed through a secure component (Crypto Engine CEV) module which interconnects software modules and assures management of multi-identities, strong authentication, user consent, anonymity, accountability, reporting and privacy compliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein said network is the Internet.
  - 3. The method of claim 1 wherein said debit result message is encrypted.
  - 4. The method of claim 1, wherein said authentication server is operable to enable, enhance and support government, health, insurance, institutional, general business and financial services that enable processing such as credit card processing standards, e-check, legal, administrative and financial settlement between parties in online transactions in compliance with government regulations and privacy legislations.
  - 5. The method of claim 1, further comprising the step at periodically re-configuring data on said smart card.
  - 6. The method of claim 1, wherein the secure electronic commerce transaction method is carried out using the software modules comprising the group of:
    - a Public Key Infrastructure (PKI) module;
      
      a Forwarding Mechanism/Redirection Link module;
      
      a Secure Remote Pointer/Plug-in/Application/Applet module;
      
      a Attribute Authority module;
      
      a Virtual Identity module;
      
      a Unique authentication process module;
      
      a Secure Data Repository module;
      
      an Authentication Authority module;
      
      a Crypto-Engine (CEV) module;
      
      a Payment Processing Engine module;
      
      a Risk Management Engine module;
      
      a Transaction Fulfillment Mechanism module;
      
      an Insurance Module;
      
      a Transaction Secure Repository module; and
      
      a VirtualSAFE Deposit Box module.
  - 7. The method of claim 6, wherein the secure session and/or the SSL protocol authenticates and secures communications with the server, and Public Key Infrastructure (PKI) combined with third party trusted Certificate Authorities authenticates the device or computer, the VirtualSAFE system and method authenticates the server, computer, and the user based on principles of secret, share secret and physical material or certificates to create uniqueness of user virtual identity.
  - 8. The method of claim 1, further comprising a power of Attorney Consent software module.
  - 9. The method of claim 1, further comprising an Escrow Module called Secure Proxy software module.
  - 10. The method of claims 1 wherein said TFM and said set of fraud management heuristics are operable to perform the steps of:
    - generating a Customer Authentication Scoring, by considering Certificate Authentication, Secure Cookies, PIN or PIN value, and SRP Verifications criteria;
      
      generating a Credential Identification Scoring, by considering Address, Amount, Over Limit, Declined, Plug-in Verifications, Risk Assessment, Transaction type, Payment type, Fraud, and Third party assessment proof or change criteria;
      
      generating a Transaction Risk Scoring by considering external Third Party Fraud Assessment data, or Internal Primary Attribute, Secondary Attribute, Reduction, Tune Up, Risk Adjustment, and Fraud Data Configuration criteria;
      
      said Fulfillment Response being dependable to third party authorization and creating a type of said Fulfillment Delivery based on a opposite score that will guarantee delivery of products/services/document; and
      
      said three steps of generating being combined to a achieve a transaction score that is used to determine said fulfillment response and type of fulfillment delivery.
  - 11. The method of claim 1, where information is sent to said authentication server by securely forwarding the information from said customer application in accordance with a security policy.
  - 12. The method of claim 1 wherein each step of transmitting comprises the step of transmitting using standard secure communication session such as SSL, said unique session bundling encryption of user data by user'"'"'s keys to support three basic rules;
    - user secret, user share secret and physical material that represents sets of user'"'"'s unique keys; and
      
      further comprising the step of flushing memory of tamper-proof Crypto Engine CEV process encrypted and raw data that will be securely granulated and encrypted in accordance with policy of segmentation, encryption and fragmentation of data such as keys.
  - 13. The method of claim 1 further comprising the step of responding to a successful user authentication for a transaction, by using a user'"'"'s or authorized user'"'"'s unique electronic signature to sign a transactional consent, legally binding all parties in order to proceed with transactions enabled by multi-step chain, anonymous or personalized proxy/surrogate/assembly electronic signature mechanism;
    - said transaction signed by user signature and by all other parties'"'"' signatures involved in the transaction enabling accountable anonymity in compliance with a non-reputable, transactional audit, audit legal audit and reporting mechanism.
  - 14. The method of claim 1, wherein said payment server responds to the failure to settle a financial transaction, said user not accepting a delivered product in accordance with said policy, by said Transaction Fulfillment Mechanism initiating cancellation of said order in accordance with said policy which will trigger credit of said user transaction process such as payment server will settle and/or credit financial transaction escrowed in accordance with said agreement.
  - 15. The method of claim 1, further comprising the step of responding to said user failing to receive delivery of a product in accordance with said agreement consented to by said user, and said Transaction Fulfillment Mechanism, by initiating cancellation of said order.
  - 16. The method of claim 1, further comprising the step of ensuring security through a combination of public key certificates and attribute certificates which are deployed for authentication and authorization purposes for each entity in an e-commerce transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Branko Sarcanin
Original Assignee
Branko Sarcanin
Inventors
Sarcanin, Branko
Primary Examiner(s)
Reagan, James A.

Application Number

US10/269,033
Publication Number

US 20030145205A1
Time in Patent Office

1,061 Days
Field of Search

705/35, 705/39, 705/40, 705/41, 705/67, 705/79, 705/52, 235/380, 235/492, 235/379, 235/382, 713/200, 713/201, 713/155, 713/159, 713/189, 713/202
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/102   Bill distribution or payments

G06Q 20/105   involving programming of a ...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 40/00   Finance; Insurance; Tax str...

G07F 7/0826   Embedded security module

G07F 7/10   together with a coded signa...

Method and system for a virtual safe

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

436 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for a virtual safe

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

436 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links