Securing electronic transactions over public networks

US 6,948,063 B1
Filed: 12/23/1999
Issued: 09/20/2005
Est. Priority Date: 12/23/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A networked system for accessing information, comprising:

a first network station, representing a first network entity, configured to control access to information stored on a network for a third network entity, and to encrypt a first component message with a first crypto-key associated with the first network entity;

a second network station, representing a second network entity, configured to control access to the network by the third network entity, to encrypt a second component message with a second crypto-key, to combine the encrypted first and the encrypted second component messages, and to transmit the combined messages over the network; and

a third network station, representing the third network entity, configured to receive the transmitted combined messages and to further transmit the received combined messages over the network in order to obtain access to the stored information;

wherein the first network station is further configured to receive the further transmitted combined messages, to decrypt the encrypted first and the encrypted second component messages in the received further transmitted combined messages, and to control access by the third network station to the stored information based on the decrypted first and second component messages.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic message for transmission over a network, such as the Internet, is created by encrypting a first component with a first crypto-key, which is associated with a first network entity, such that the encrypted first component can be decrypted by only the first network entity. The first crypto-key could, for example, be a symmetric crypto-key known only to the first network entity or the public non-symmetric crypto-key of a private-public non-symmetric key pair, where the private non-symmetric crypto key is known only to the first network entity. A second component, which is different than the first component, is encrypted with a second crypto-key, which is associated with a second network entity, such that the encrypted second component can also be decrypted by the first network entity. The second crypto-key could, for example, be a symmetric crypto-key known to both the first and second network entities or the private non-symmetric crypto-key of a private-public non-symmetric key pair of the second network entity, where the public non-symmetric crypto key is known to the first network entity. The encrypted first and second components are combined to create the electronic message.

145 Citations

38 Claims

1. A networked system for accessing information, comprising:
- a first network station, representing a first network entity, configured to control access to information stored on a network for a third network entity, and to encrypt a first component message with a first crypto-key associated with the first network entity;
  
  a second network station, representing a second network entity, configured to control access to the network by the third network entity, to encrypt a second component message with a second crypto-key, to combine the encrypted first and the encrypted second component messages, and to transmit the combined messages over the network; and
  
  a third network station, representing the third network entity, configured to receive the transmitted combined messages and to further transmit the received combined messages over the network in order to obtain access to the stored information;
  
  wherein the first network station is further configured to receive the further transmitted combined messages, to decrypt the encrypted first and the encrypted second component messages in the received further transmitted combined messages, and to control access by the third network station to the stored information based on the decrypted first and second component messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A networked system according to claim 1, wherein:
    - the first crypto-key is a symmetric crypto-key; and
      
      the second crypto-key is a non-symmetric crypto-key.
  - 3. A networked system according to claim 2, wherein:
    - the symmetric crypto-key is known only to the first network entity.
  - 4. A networked system according to claim 2, wherein;
    - the non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 5. A networked system according to claim 1, wherein:
    - the first crypto-key is a first non-symmetric crypto-key; and
      
      the second crypto-key is a second non-symmetric crypto-key, different than the first non-symmetric crypto-key.
  - 6. A networked system according to claim 5, wherein:
    - the first non-symmetric crypto-key is a public crypto-key of a joint private-public crypto-key pair associated with the first network entity; and
      
      the second non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 7. A networked system according to claim 1, wherein;
    - the first component message includes identity information associated with the third network entity, and integrity information which corresponds to the identity information; and
      
      the second component message includes voucher information which indicates that the second network entity has authenticated the third network entity.
  - 8. A networked system according to claim 1, further comprising:
    - a fourth network station, representing a fourth network entity, configured to encrypt a third component message with a third crypto-key, to initially combine the encrypted first and the encrypted third component messages, and to transmit the initially combined messages over the network;
      
      wherein the second network station is further configured to receive the transmitted initially combined messages, to combine the encrypted first and the encrypted third component messages in the received initially combined messages with the encrypted second component message to create the combined messages;
      
      wherein the first network station is further configured to decrypt the encrypted third component message in the received further transmitted combined messages, and to control access by the third network station to the stored information based also on the decrypted third component message.
  - 9. A networked system according to claim 8, wherein:
    - the first component message includes identity information associated with the third network entity, and integrity information which corresponds to the identity information;
      
      the second component message includes voucher information which indicates that the second network entity has authenticated the third network entity; and
      
      the third component message includes relationship information which indicates that the identity and the integrity information was received by the fourth network entity from the first network entity and transmitted by the fourth network entity to the second network entity.
  - 10. A networked system according to claim 8, wherein:
    - the first crypto-key is a symmetric crypto-key;
      
      the second crypto-key is a non-symmetric crypto-key; and
      
      the third crypto-key is a non-symmetric crypto-key.
  - 11. A networked system according to claim 1, wherein:
    - the second component message further includes a timestamp corresponding to a time at which the combined messages are transmitted by the second network station.
  - 12. A networked system according to claim 1, wherein:
    - the first network station is further configured to combine the encrypted first component message with a network address for the stored information;
      
      the second network station is further configured to combine the combined encrypted first component message and the network address with the encrypted second component message to create the combined messages; and
      
      the first network station is further configured to control access by the third network station to the stored information based on the network address and the decrypted first and second component messages.
  - 13. A networked system according to claim 1, wherein:
    - the second network station transmits the combined message in response to a received request;
      
      the first network station encrypts the first component message prior to receipt of the request by the second network station; and
      
      the second network station encrypts the second component message and combines the encrypted first and the encrypted second component messages after receipt of the request by the second network station.

14. A method of creating an electronic message for transmission over a network, comprising the steps of:
- encrypting a first component with a first crypto-key, associated with a first network entity, such that the encrypted first component can be decrypted by only the first network entity;
  
  encrypting a second component with a second crypto-key, associated with a second network entity, such that the encrypted second component can be decrypted by the first network station; and
  
  transmitting the encrypted first component and the encrypted second component as a combined message.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. A method according to claim 14, wherein:
    - the first crypto-key is a symmetric crypto-key; and
      
      the second crypto-key is a non-symmetric crypto-key.
  - 16. A method according to claim 15, wherein;
    - the symmetric crypto-key is known only to the first network entity; and
      
      the non-symmetric crypto-key is known only to the second network entity.
  - 17. A method according to claim 15, wherein;
    - the non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 18. A method according to claim 14, wherein:
    - the first crypto-key is a first non-symmetric crypto-key; and
      
      the second crypto-key is a second non-symmetric crypto-key.
  - 19. A method according to claim 18, wherein:
    - the first non-symmetric crypto-key is a public crypto-key of a joint private-public crypto-key pair associated with the first network entity; and
      
      the second non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 20. A method according to claim 14, further comprising the steps of:
    - encrypting a third component with a third crypto-key, associated with a third network entity, such that the encrypted third component can be decrypted by the first network entity; and
      
      transmitting the encrypted third component with the encrypted first and the encrypted second components as the combined message.
  - 21. A method according to claim 20, wherein:
    - the first crypto-key is a symmetric crypto-key;
      
      the second crypto-key is a first non-symmetric crypto-key; and
      
      the third crypto-key is a second non-symmetric crypto-key.
  - 22. A method according to claim 20, wherein:
    - the first component includes identity information associated with a fourth network entity and integrity information corresponding to the identity information;
      
      the second component includes relationship information which indicates that the identity and the integrity information were received by the second network entity from the first network entity and transmitted by the second network entity to the third network entity; and
      
      the third component includes voucher information which indicates that the third network entity authenticated the fourth network entity.
  - 23. A method according to claim 20, wherein:
    - the third component further includes a timestamp corresponding to a time at which the combined message is transmitted to the fourth network entity.
  - 24. A method according to claim 20, further comprising the step of:
    - transmitting the encrypted first, the encrypted second and the encrypted third components with a network address as the combined message.
  - 25. A method according to claim 14, wherein:
    - the combined message is transmitted responsive to a received request;
      
      the first component is encrypted prior to receipt of the request; and
      
      the second component is encrypted after receipt of the request.

26. A method for generating a multi-component electronic message, comprising:
- storing (i) a first component created by a first network entity and encrypted with a first crypto-key, associated with the first network entity, such that the encrypted first component can be decrypted by only the first entity and (ii) a second component created by a second network entity, and encrypted with a second crypto-key, such that the encrypted second component can be decrypted by the first network entity; and
  
  combining the stored first component with the stored second component to generate a multi-component message.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The method according to claim 26, wherein:
    - the first crypto-key is a symmetric crypto-key known only to the first network entity; and
      
      the second crypto-key is a non-symmetric crypto-key.
  - 28. The method according to claim 27, wherein;
    - the non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 29. The method according to claim 26, wherein:
    - the first crypto-key is a first non-symmetric crypto-key; and
      
      the second crypto-key is a second non-symmetric crypto-key.
  - 30. The method according to claim 29, wherein:
    - the first non-symmetric crypto-key is a public crypto-key of a joint private-public crypto-key pair associated with the first network entity; and
      
      the second non-symmetric crypto-key is a private crypto-key of a joint private-public crypto-key pair associated with the second network entity.
  - 31. The method according to claim 26, further comprising:
    - storing a third component created by a third network entity and encrypted with a third crypto-key, associated with the third network entity, such that the encrypted third component can be decrypted by the first network entity;
      
      wherein the stored third component is combined with the stored first and stored second components to generate the multi-component message.
  - 32. The method according to claim 31, wherein:
    - the first component includes identity information associated with a fourth network entity, and integrity information corresponding to the identity information;
      
      the second component includes relationship information which indicates that the identity and the integrity information were received by the second network entity from the first network entity and transmitted by the second network entity to the third network entity; and
      
      the third component includes voucher information which indicates that the third network entity has authenticated the fourth network entity.
  - 33. An electronic message according to claim 32, wherein:
    - the integrity information includes a hash of the identity information.
  - 34. The method according to claim 32, wherein:
    - the third component further includes a timestamp corresponding to a time at which the electronic message is transmitted by the third network entity to the fourth network entity.
  - 35. The method according to claim 26, wherein:
    - the first component includes identity information associated with a third network entity;
      
      the second component includes information which indicates that the second network entity has authenticated the third network entity.
  - 36. The method according to claim 35, wherein:
    - the second component further includes a timestamp corresponding to a time at which the electronic message is transmitted by the second network entity to the third network entity.
  - 37. The method according to claim 26, wherein:
    - the first network entity controls access to information available on a network; and
      
      the second entity controls access to other network entities.
  - 38. The method according to claim 26, wherein the first component includes an identification of information stored on a network, and further comprising:
    - combining a network address at which the identified stored information can be accessed with the generated multi-component message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Checkfree Corporation (Fiserv Incorporated)
Original Assignee
Checkfree Corporation (Fiserv Incorporated)
Inventors
Ganesan, Ravi, Lewis, Matt, Hobday, Kenneth
Primary Examiner(s)
Caldwell, Andrew
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/471,490
Time in Patent Office

2,098 Days
Field of Search

705 77- 79, 705/53, 713/168
US Class Current

713/168
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2115   Third party

G06Q 20/00   Payment architectures, sche...

G06Q 20/085   involving remote charge det...

G06Q 20/102   Bill distribution or payments

G06Q 20/14   specially adapted for billi...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

H04L 2463/102   applying security measure f...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

Securing electronic transactions over public networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Securing electronic transactions over public networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links