Trusted authorization device
First Claim
1. A method of providing for a trusted authorization of a transaction, comprising:
a. providing for communicating with a first computer;
b. providing for displaying first information to be authorized on a trusted display of a trusted authorization device, wherein said first information to be authorized is provided by said first computer;
c. providing for receiving an authorization command from a trusted keypad of said trusted authorization device, wherein said authorization command is related to said first information; and
d. if said authorization command provides for authorizing said first information, then providing for a set of operations by a trusted processor of said trusted authorization device, said set of operations comprising;
i. generating a random number;
ii. generating second information that is responsive to said first information to be authorized, wherein said second information further incorporates both said random number and a first identification code associated with said trusted authorization device, wherein said first identification code is stored on a trusted memory of said trusted authorization device;
iii. generating a signature of said second information, wherein said signature is generated by a first encryption process;
iv. generating a set of session keys by a second encryption process, wherein said second encryption process is responsive to said random number and to a set of stored working keys, and said set of stored working keys are stored on said trusted memory of said trusted authorization device;
v. generating third information by encrypting said second information and said signature using a third encryption process that is responsive to said set of session keys; and
vi. communicating to said first computer said random number, said first identification code, and said third information, wherein said random number and said first identification code are communicated in plaintext.
Abstract
A trusted authorization device (TAD) (10) displays on its trusted display (18) first information about a transaction to be authorized by a user (14) using a trusted keypad (20). The TAD (10) generates (208) a random number (R); generates (1210) second information from the first information, the random number (R) and a first identification code (TADID-A) of the TAD (10); generates (212) a signature of the second information using a first encryption process; generates (216) a set of session keys (Ks1, Ks2, Ks3) by a second encryption process responsive to the random number (R) and a set of stored working keys (Kw1, Kw2, Kw3); and generates (218) third information by encrypting the second information and the signature using a third encryption process responsive to the set of session keys (Ks1, Ks2, Ks3). A data structure (42) is formed comprising the random number (R), the first identification code (TADID-A), and the third information; it is communicated (220) from the TAD (10) to the client (12) and on to a host server (28) for verification by a verification decryption server (32).
126 Citations
40 Claims
Dependent claims of claim 1: 2 through 32 and 35.
33. A method of providing for a trusted authorization of a transaction, comprising:
a. providing for initiating a transaction on a first computer responsive to at least one input from a user;
b. providing for communicating first information to a transaction authorization device, wherein said first information is related to said transaction, and said transaction authorization device is operatively connected to said first computer;
c. providing for receiving a data structure from said transaction authorization device, wherein said data structure is responsive to said first information, said data structure comprises a random number, a first identification code, and third information, said third information comprises an encryption by a third encryption process of both second information and a signature responsive to said second information, a first portion of said second information is responsive to said first information, a second portion of said second information comprises said random number, a third portion of said second information comprises said first identification code, said random number is generated by said trusted authorization device, and said first identification code is associated with said trusted authorization device; and
d. providing for communicating said data structure to a host server computer, wherein said data structure provides for a trusted authorization of said transaction.
34. A method of providing for a trusted authorization of a transaction, comprising:
a. providing for receiving by a first computer a data structure from a second computer, wherein said data structure is responsive to first information, said first information is related to a transaction to be authorized, said data structure comprises a random number, a first identification code, and third information, said third information comprises an encryption by a third encryption process of both second information and a signature by a first encryption process responsive to said second information, a first portion of said second information is responsive to said first information, a second portion of said second information comprises said random number, a third portion of said second information comprises said first identification code;
b. providing for retrieving a set of stored working keys, wherein said operation of retrieving is responsive to said first identification code;
c. providing for generating a set of session keys by a second encryption process, wherein said second encryption process is responsive to said random number and to said set of stored working keys;
d. providing for generating second information and fifth information by decrypting said third information using said third encryption process that is responsive to said set of session keys;
e. providing for generating a signature of said second information, wherein said signature is generated by said first encryption process;
f. providing for comparing said signature with said fifth information; and
g. if said signature matches said fifth information, then providing for acting upon said second information.
36. A method of authorizing a transaction responsive to a data structure, comprising:
a. receiving said data structure, wherein said data structure is responsive to first information, said first information is related to a transaction to be authorized, said data structure comprises a random number, a first identification code, and third information, said third information comprises an encryption by a third encryption process of both second information and a signature by a first encryption process responsive to said second information, a first portion of said second information is responsive to said first information, a second portion of said second information comprises said random number, a third portion of said second information comprises said first identification code;
b. retrieving or receiving a set of stored working keys, wherein said operation of retrieving is responsive to said first identification code;
c. generating a set of session keys by a second encryption process, wherein said second encryption process is responsive to said random number and to said set of stored working keys;
d. generating second information and fifth information by decrypting said third information using said third encryption process that is responsive to said set of session keys;
e. generating a signature of said second information, wherein said signature is generated by said first encryption process;
f. comparing said signature with said fifth information; and
g. transmitting a result of the operation of comparing said signature with said fifth information.
Dependent claims of claim 36: 37.
38. A memory for storing data for access by an application program being executed on a computer, comprising a data structure stored in said memory, wherein said data structure is responsive to first information, said first information is related to a transaction to be authorized, and said data structure comprises
a. a first data object comprising a random number;
b. a second data object comprising a first identification code; and
c. a third data object comprising third information, wherein said third information comprises an encryption by a third encryption process of both second information and a signature by a first encryption process responsive to said second information, said third encryption process is responsive to a set of session keys that are responsive to said random number, a first portion of said second information is responsive to said first information, a second portion of said second information comprises said random number, a third portion of said second information comprises said first identification code.
Dependent claims of claim 38: 39, 40.
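The TAD-side flow of claim 1 (steps i through vi) and the server-side verification of claims 34 and 36, as an added Python illustration that is not part of the patent. The claims fix no concrete algorithms, so the choices below are assumptions: HMAC-SHA256 stands in for the first encryption process (the signature) and for the second (session-key derivation), an HMAC-based counter-mode keystream stands in for the third (the cipher), and the working keys and transaction are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Constructed working keys (Kw1, Kw2, Kw3) per device, indexed by TADID. In a deployment
# they would live in the TAD's trusted memory and in the verification server's key store.
WORKING_KEYS = {
    "TADID-A": [hashlib.sha256(b"constructed-Kw%d" % i).digest() for i in (1, 2, 3)],
}

def derive_session_keys(r, working_keys):
    # Second encryption process (assumed): Ks_i = HMAC-SHA256(Kw_i, R), one per working key.
    return [hmac.new(kw, r, hashlib.sha256).digest() for kw in working_keys]

def sign(working_keys, second_info):
    # First encryption process (assumed): HMAC-SHA256 keyed with Kw1 over the second information.
    return hmac.new(working_keys[0], second_info, hashlib.sha256).digest()

def stream_xor(session_keys, data):
    # Third encryption process (assumed stand-in): an HMAC counter-mode keystream XORed into
    # data, keyed by the whole session-key set. XOR is symmetric, so the same call decrypts.
    key = b"".join(session_keys)
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def tad_authorize(tad_id, first_info):
    # Claim 1, steps i-vi, run by the trusted processor after the user approves first_info.
    kw = WORKING_KEYS[tad_id]
    r = secrets.token_bytes(16)                                                   # i.
    second = json.dumps({"tx": first_info, "r": r.hex(), "id": tad_id}).encode()  # ii.
    sig = sign(kw, second)                                                        # iii.
    ks = derive_session_keys(r, kw)                                               # iv.
    third = stream_xor(ks, second + sig)                                          # v.
    return {"r": r, "id": tad_id, "third": third}                                 # vi. R, TADID in plaintext

def server_verify(ds):
    # Claims 34/36: look up Kw by TADID, re-derive Ks, decrypt, recompute the signature, compare.
    kw = WORKING_KEYS.get(ds["id"])
    if kw is None:
        return None
    plain = stream_xor(derive_session_keys(ds["r"], kw), ds["third"])
    second, fifth = plain[:-32], plain[-32:]
    if not hmac.compare_digest(sign(kw, second), fifth):   # constant-time comparison
        return None
    info = json.loads(second)
    # The plaintext R and TADID must match the authenticated copies inside the second information.
    if info["r"] != ds["r"].hex() or info["id"] != ds["id"]:
        return None
    return info["tx"]
```

Because the signature is recomputed over the decrypted second information, any change to the ciphertext, the random number, or the identification code makes `server_verify` return `None` instead of the transaction.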
Specification